{"resultsPerPage":232,"startIndex":0,"totalResults":232,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T10:55:53.361","vulnerabilities":[{"cve":{"id":"CVE-2023-42789","sourceIdentifier":"psirt@fortinet.com","published":"2024-03-12T15:15:46.107","lastModified":"2026-07-08T13:16:23.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests."},{"lang":"es","value":"Una escritura fuera de límites en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13 permite a un atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:23.2.b:*:*:*:*:*:*:*"],"versions":[{"version":"23.2.b","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.1","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.15","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortios","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.1","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.15","versionType":"semver","status":"affected"}]},{"vendor":"fortinet","product":"fortipam","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.1.0","lessThanOrEqual":"1.1.2","versionType":"semver","status":"affected"},{"version":"1.0.0","lessThanOrEqual":"1.0.3","versionType":"semver","status":"affected"}]},{"vendor":"fortinet","product":"fortiproxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]},{"vendor":"fortinet","product":"fortiproxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-15T16:38:32.476430Z","id":"CVE-2023-42789","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.13","matchCriteriaId":"10E4FB93-7111-4F2A-8D5A-F276261D0E67"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"E5E2C1A7-AF13-4DBB-8EB4-49BE54EDABAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.6","matchCriteriaId":"3F8AA932-A965-4345-8151-9CACDEE114F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9010968B-B839-4B7C-BFB5-6BD9CBCEC166"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.15","matchCriteriaId":"7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.4.14","matchCriteriaId":"A2B52E22-C64D-4142-885E-6C44FA670574"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"BA582D59-C740-4AE7-83CA-C09A1D0EDA88"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.5","matchCriteriaId":"A6E44123-995C-4E08-84B5-FF8C76B67B29"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"61540F5B-080A-4D44-8BE0-75D7A0DCCB53"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"17FE168A-0EA4-467C-91D2-87EB6D83917A"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-42790","sourceIdentifier":"psirt@fortinet.com","published":"2024-03-12T15:15:46.293","lastModified":"2026-07-08T13:16:24.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests."},{"lang":"es","value":"Un desbordamiento de búfer en la región stack de la memoria  en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13 permiten al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.1","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-16T04:00:43.736004Z","id":"CVE-2023-42790","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.13","matchCriteriaId":"10E4FB93-7111-4F2A-8D5A-F276261D0E67"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"E5E2C1A7-AF13-4DBB-8EB4-49BE54EDABAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.6","matchCriteriaId":"3F8AA932-A965-4345-8151-9CACDEE114F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9010968B-B839-4B7C-BFB5-6BD9CBCEC166"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.15","matchCriteriaId":"7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.4.14","matchCriteriaId":"A2B52E22-C64D-4142-885E-6C44FA670574"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"BA582D59-C740-4AE7-83CA-C09A1D0EDA88"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.5","matchCriteriaId":"A6E44123-995C-4E08-84B5-FF8C76B67B29"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndIncluding":"7.4.1","matchCriteriaId":"2E2A5347-D536-4D43-A163-5B5A3AFE742C"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"psirt@fortinet.com"},{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-23667","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-03T10:15:13.100","lastModified":"2026-07-08T14:16:50.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-03T16:49:28.332661Z","id":"CVE-2024-23667","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-23668","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-03T10:15:13.320","lastModified":"2026-07-08T14:16:50.493","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-03T16:42:57.390397Z","id":"CVE-2024-23668","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-23670","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-03T10:15:13.523","lastModified":"2026-07-08T14:16:51.287","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-03T16:51:43.637231Z","id":"CVE-2024-23670","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-23669","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-05T08:15:09.537","lastModified":"2026-07-08T14:16:50.870","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-05T14:06:39.473309Z","id":"CVE-2024-23669","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-33503","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:29.517","lastModified":"2026-07-08T14:16:51.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands"},{"lang":"es","value":"Una gestión de privilegios incorrecta en Fortinet FortiManager versión 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiAnalyzer versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14 permite a los atacantes escalar privilegios a través de comandos de shell específicos."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiManager Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.13","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:16:33.256242Z","id":"CVE-2024-33503","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.2.7","matchCriteriaId":"38BFF3B9-3927-4B15-A573-4EDB20362841"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.3","matchCriteriaId":"40C3665B-3E49-4D0C-B924-266D49F1E510"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"71CC4AA3-04CC-49CA-A012-E28C4D1F11DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.2.7","matchCriteriaId":"75DA0ED6-C606-4763-A7B0-575F8061237A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-35276","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:29.973","lastModified":"2026-07-08T14:16:52.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets."},{"lang":"es","value":"Un desbordamiento de búfer basado en pila en Fortinet FortiAnalyzer versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 a 7.0.11, 6.4.1 a 6.4.7, FortiAnalyzer Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 ...2, 6.4.0 a 6.4.14, FortiManager Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 a 7.0.12, 7.0.11, 6.4.1 a 6.4.7 permite a los atacantes ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.11","versionType":"semver","status":"affected"},{"version":"6.4.1","lessThanOrEqual":"6.4.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.11","versionType":"semver","status":"affected"},{"version":"6.4.1","lessThanOrEqual":"6.4.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:15:20.448933Z","id":"CVE-2024-35276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.15","matchCriteriaId":"34F71CF0-4C81-4261-BDA8-30287969D137"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.13","matchCriteriaId":"BFAF2532-DF9C-458E-B69B-59C29507F775"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.6","matchCriteriaId":"6FCEF6EE-A923-4DCE-A225-C6D1FB0123E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.0.12","matchCriteriaId":"DD54E27E-172A-4F2D-A09A-862C4B5F4957"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.1","versionEndExcluding":"7.2.6","matchCriteriaId":"F8614C7F-FC4D-4686-9E7A-071830318813"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"6EA0888C-2D95-46ED-9BA9-F99072C02FE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.15","matchCriteriaId":"D2AD66B0-9C99-4F83-80AA-B54E6354ADFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.13","matchCriteriaId":"37456E27-0EE2-4AF8-B92F-A5284FEC0409"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.6","matchCriteriaId":"605795FE-4D3E-48D4-B2E6-AED4C79B405F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.0.12","matchCriteriaId":"CDAE920D-C7A3-47B2-A737-1ECB2C9AFBEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.1","versionEndExcluding":"7.2.6","matchCriteriaId":"482363A8-9BE6-46F1-8795-6268F6B84FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-165","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-48884","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:32.873","lastModified":"2026-07-08T14:16:53.563","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder"},{"lang":"es","value":"Una limitación incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') en Fortinet FortiManager versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiOS versiones 7.6.0, 7.4.0 a 7.4.4, 7.2.5 a 7.2.9, 7.0.0 a 7.0.15, 6.4.0 a 6.4.15, FortiProxy 7.4.0 a 7.4.5, 7.2.0 a 7.2.11, 7.0.0 a 7.0.18, 2.0.0 a 2.0.14, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiManager Cloud versiones 7.4.1 hasta 7.4.3, FortiRecorder versiones 7.2.0 hasta 7.2.1, 7.0.0 hasta 7.0.4, FortiVoice versiones 7.0.0 hasta 7.0.4, 6.4.0 hasta 6.4.9, 6.0.0 hasta 6.0.12, FortiWeb 7.6.0, 7.4.0 hasta 7.4.4, 7.2.0 hasta 7.2.10, 7.0.0 hasta 7.0.10, 6.4.0 hasta 6.4.3 permite al atacante activar una escalada de privilegios a través de paquetes especialmente manipulados."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.1","versionType":"semver","status":"affected"},{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.11","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.18","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.14","versionType":"semver","status":"affected"},{"version":"1.2.0","lessThanOrEqual":"1.2.13","versionType":"semver","status":"affected"},{"version":"1.1.0","lessThanOrEqual":"1.1.6","versionType":"semver","status":"affected"},{"version":"1.0.0","lessThanOrEqual":"1.0.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.4","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.9","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.15","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:17:58.698254Z","id":"CVE-2024-48884","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"7269FDB6-A1D4-4912-8751-87BA52614FDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"241A8930-4ADA-4380-AA42-F10B28487595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"7.0.19","matchCriteriaId":"32CFAF1E-358A-4F6D-96CB-D7229F0D9D74"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.12","matchCriteriaId":"C8B93C73-1E94-4854-8405-C3689860A74C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.6","matchCriteriaId":"5B276403-CE85-445A-9E5D-BBFBD7AB7A68"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"CD60BA50-3F98-46BF-97E8-28AB207DE12A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.2","matchCriteriaId":"C0B0D078-2F52-46B4-B9C0-162447828E1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.4.10","matchCriteriaId":"BBF1E214-4BC5-47E8-BF02-072D6D830BAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.5","matchCriteriaId":"5EEE0DFA-DE31-4D26-AC98-6BCED8F008DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.5","matchCriteriaId":"CDB9CE13-AAF4-418C-BA26-1A0D53C5C1C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"28B43375-DA74-4C5F-BAEE-39F312EEF51F"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.16","matchCriteriaId":"B481963F-0415-42C8-BB38-C1A8BDF4B9F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.16","matchCriteriaId":"3EAE013D-7AE4-4C7A-81A0-296FE00F12CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.10","matchCriteriaId":"4D7D031B-221B-4738-AC83-4FB92A106528"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.5","matchCriteriaId":"A71AD879-997D-4787-A1E9-E4132AC521E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"44CE8EE3-D64A-49C8-87D7-C18B302F864A"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-259","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-55591","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:34.450","lastModified":"2026-07-08T14:16:53.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module."},{"lang":"es","value":"Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo [CWE-288] que afecta a FortiOS versión 7.0.0 a 7.0.16 y FortiProxy versión 7.0.0 a 7.0.19 y 7.2.0 a 7.2.12 permite que un atacante remoto obtenga privilegios de superadministrador mediante solicitudes manipuladas al módulo websocket Node.js."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.12","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-23T04:55:44.336664Z","id":"CVE-2024-55591","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2025-01-14","cisaActionDue":"2025-01-21","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.20","matchCriteriaId":"1B14CD59-F557-48A0-8458-BECD3AD7DB3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.13","matchCriteriaId":"EDC18768-0891-465E-9900-3DF5D22A5CB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.17","matchCriteriaId":"BD357034-B2FD-4C2E-97FE-2C54D686D885"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535","source":"psirt@fortinet.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2024-45331","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-16T09:15:06.500","lastModified":"2026-07-08T14:16:53.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands"},{"lang":"es","value":"Una asignación de privilegios incorrecta en las versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.15 de Fortinet FortiAnalyzer, las versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.15 de FortiManager, las versiones 7.4.1 a 7.4.2, 7.2.1 a 7.2.6, 7.0.1 a 7.0.13, 6.4.1 a 6.4.7 de FortiAnalyzer Cloud permite a un atacante escalar privilegios a través de comandos de shell específicos"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiAnalyzer Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.2","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.1","lessThanOrEqual":"6.4.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.2","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-16T14:17:17.440183Z","id":"CVE-2024-45331","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.2.7","matchCriteriaId":"38BFF3B9-3927-4B15-A573-4EDB20362841"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.3","matchCriteriaId":"40C3665B-3E49-4D0C-B924-266D49F1E510"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"71CC4AA3-04CC-49CA-A012-E28C4D1F11DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.2.7","matchCriteriaId":"75DA0ED6-C606-4763-A7B0-575F8061237A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-48885","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-16T09:15:06.737","lastModified":"2026-07-08T14:16:53.783","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets."},{"lang":"es","value":" Una limitación incorrecta de una ruta de acceso a un directorio restringido (\"path traversal\") en Fortinet FortiRecorder versiones 7.2.0 a 7.2.1, 7.0.0 a 7.0.4, FortiWeb versiones 7.6.0, 7.4.0 a 7.4.4, 7.2.0 a 7.2.10, 7.0.0 a 7.0.10, 6.4.0 a 6.4.3, FortiVoice versiones 7.0.0 a 7.0.4, 6.4.0 a 6.4.9, 6.0.0 a 6.0.12 permite a un atacante escalar privilegios a través de paquetes especialmente manipulados."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiVoice","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.9","versionType":"semver","status":"affected"},{"version":"6.0.0","lessThanOrEqual":"6.0.12","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiRecorder","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.1","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiWeb","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.4","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.12","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-16T14:15:57.157206Z","id":"CVE-2024-48885","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"CD60BA50-3F98-46BF-97E8-28AB207DE12A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.2","matchCriteriaId":"C0B0D078-2F52-46B4-B9C0-162447828E1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.4.10","matchCriteriaId":"BBF1E214-4BC5-47E8-BF02-072D6D830BAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.5","matchCriteriaId":"5EEE0DFA-DE31-4D26-AC98-6BCED8F008DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.5","matchCriteriaId":"CDB9CE13-AAF4-418C-BA26-1A0D53C5C1C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"28B43375-DA74-4C5F-BAEE-39F312EEF51F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-259","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-24472","sourceIdentifier":"psirt@fortinet.com","published":"2025-02-11T17:15:34.867","lastModified":"2026-07-08T14:16:54.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests."},{"lang":"es","value":"Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo [CWE-288] que afecta a FortiOS 7.0.0 a 7.0.16 y FortiProxy 7.2.0 a 7.2.12, 7.0.0 a 7.0.19 puede permitir que un atacante remoto obtenga privilegios de superadministrador a través de solicitudes de proxy CSF manipuladas."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.12","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-18T18:32:10.857001Z","id":"CVE-2025-24472","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2025-03-18","cisaActionDue":"2025-04-08","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.20","matchCriteriaId":"1B14CD59-F557-48A0-8458-BECD3AD7DB3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.13","matchCriteriaId":"EDC18768-0891-465E-9900-3DF5D22A5CB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.17","matchCriteriaId":"BD357034-B2FD-4C2E-97FE-2C54D686D885"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24472","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2025-6170","sourceIdentifier":"secalert@redhat.com","published":"2025-06-16T16:15:20.430","lastModified":"2026-07-08T15:16:24.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections."},{"lang":"es","value":"Se detectó una falla en el shell interactivo de la herramienta de línea de comandos xmllint, utilizada para analizar archivos XML. Cuando un usuario introduce un comando demasiado largo, el programa no verifica correctamente el tamaño de entrada, lo que puede provocar un bloqueo. Este problema podría permitir a los atacantes ejecutar código dañino en configuraciones poco comunes sin protecciones modernas."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.gnome.org/GNOME/libxml2/","packageName":"libxml2","versions":[{"version":"0","lessThan":"2.14.5","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.9.7-21.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.9.7-21.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libxml2-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.15.2-0.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Core Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"libxml2","cpes":["cpe:/a:redhat:jboss_core_services:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V4.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-16T16:05:03.613731Z","id":"CVE-2025-6170","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","matchCriteriaId":"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlsoft:libxml2:-:*:*:*:*:*:*:*","matchCriteriaId":"61F6944D-0CFD-4525-8A80-3AB1360AE6F5"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36734","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7519","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-6170","source":"secalert@redhat.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372952","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/941","source":"secalert@redhat.com"},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-253495.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-31366","sourceIdentifier":"psirt@fortinet.com","published":"2025-10-14T16:15:37.423","lastModified":"2026-07-08T13:16:24.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:25.2.a:*:*:*:*:*:*:*"],"versions":[{"version":"25.2.a","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.7","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.13","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.8","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.16","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.23","versionType":"semver","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-10-14T16:45:04.804545Z","id":"CVE-2025-31366","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.9","matchCriteriaId":"1B6548FD-E370-45D7-81D5-6EF892810052"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"C1C30E0D-7F09-42D2-9EB1-E2196BD50D75"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.6.4","matchCriteriaId":"4DA70753-E996-4081-9C13-7F60AC993B09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:feature:*:*:*","matchCriteriaId":"53197A72-5D08-4938-A415-72C573024BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:mature:*:*:*","matchCriteriaId":"2603C391-AEC6-450A-A30A-4F8682F9565D"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-542","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-864900.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-47890","sourceIdentifier":"psirt@fortinet.com","published":"2025-10-14T16:15:38.667","lastModified":"2026-07-08T13:16:24.977","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.8","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.13","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.14","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.16","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.23","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:25.2.a:*:*:*:*:*:*:*"],"versions":[{"version":"25.2.a","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-10-16T17:27:26.292358Z","id":"CVE-2025-47890","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.9","matchCriteriaId":"1B6548FD-E370-45D7-81D5-6EF892810052"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"C1C30E0D-7F09-42D2-9EB1-E2196BD50D75"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.6.4","matchCriteriaId":"4DA70753-E996-4081-9C13-7F60AC993B09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:feature:*:*:*","matchCriteriaId":"53197A72-5D08-4938-A415-72C573024BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:mature:*:*:*","matchCriteriaId":"2603C391-AEC6-450A-A30A-4F8682F9565D"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-542","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-864900.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-69872","sourceIdentifier":"cve@mitre.org","published":"2026-02-11T19:15:50.360","lastModified":"2026-07-08T13:16:27.110","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache."},{"lang":"es","value":"DiskCache (python-diskcache) hasta la versión 5.6.3 utiliza Python pickle para la serialización por defecto. Un atacante con acceso de escritura al directorio de caché puede lograr ejecución de código arbitrario cuando una aplicación víctima lee de la caché."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-12T15:11:02.221552Z","id":"CVE-2025-69872","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md","source":"cve@mitre.org"},{"url":"https://github.com/grantjenks/python-diskcache","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2026:36350","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3713","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-69872","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69872.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-69196","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T19:16:14.397","lastModified":"2026-07-08T13:16:26.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2."},{"lang":"es","value":"FastMCP es el framework estándar para construir aplicaciones MCP. Antes de la versión 2.14.2, el servidor no respeta adecuadamente el parámetro de recurso enviado por el cliente en la solicitud de autorización y de token. En lugar de emitir el token explícitamente para el servidor MCP, el token se emite para la base_url pasada al OAuthProxy durante la inicialización. Este problema ha sido parcheado en 2.14.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jlowin","product":"fastmcp","versions":[{"version":"< 2.14.2","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-16T19:09:19.463530Z","id":"CVE-2025-69196","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1220"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.14.2","matchCriteriaId":"D20B7869-1019-4F0B-9135-0EE29889FF4F"}]}]}],"references":[{"url":"https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36350","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-69196","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448179","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69196.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-23401","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-01T09:16:15.260","lastModified":"2026-07-08T13:16:30.563","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE\n\nWhen installing an emulated MMIO SPTE, do so *after* dropping/zapping the\nexisting SPTE (if it's shadow-present).  While commit a54aa15c6bda3 was\nright about it being impossible to convert a shadow-present SPTE to an\nMMIO SPTE due to a _guest_ write, it failed to account for writes to guest\nmemory that are outside the scope of KVM.\n\nE.g. if host userspace modifies a shadowed gPTE to switch from a memslot\nto emulted MMIO and then the guest hits a relevant page fault, KVM will\ninstall the MMIO SPTE without first zapping the shadow-present SPTE.\n\n  ------------[ cut here ]------------\n  is_shadow_present_pte(*sptep)\n  WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]\n  Call Trace:\n   <TASK>\n   mmu_set_spte+0x237/0x440 [kvm]\n   ept_page_fault+0x535/0x7f0 [kvm]\n   kvm_mmu_do_page_fault+0xee/0x1f0 [kvm]\n   kvm_mmu_page_fault+0x8d/0x620 [kvm]\n   vmx_handle_exit+0x18c/0x5a0 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]\n   kvm_vcpu_ioctl+0x2d5/0x980 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0xb5/0x730\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x47fa3f\n   </TASK>\n  ---[ end trace 0000000000000000 ]---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/mmu/mmu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"20656cd1f243d3a154aac5dd1b823110b6906fe1","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"ed5909992f344a7d3f4024261e9f751d9618a27d","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"fd28c5618699180cd69619801e9ae6a5266c0a22","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"459158151a158a6703b49f3c9de0e536d8bd553f","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"695320de6eadb75aaed8be1787c4ce4c189e4c7b","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"bce7fe59d43531623f3e43779127bfb33804925d","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"aad885e774966e97b675dfe928da164214a71605","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/mmu/mmu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.131","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.80","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.21","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.11","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13.1","versionEndExcluding":"5.15.203","matchCriteriaId":"CC3F58C6-09EC-41E6-8E82-613F5965C0DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*","matchCriteriaId":"8F0E7012-0BA3-4E6A-ADE9-57973CBDEE28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/20656cd1f243d3a154aac5dd1b823110b6906fe1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/459158151a158a6703b49f3c9de0e536d8bd553f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/695320de6eadb75aaed8be1787c4ce4c189e4c7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bce7fe59d43531623f3e43779127bfb33804925d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed5909992f344a7d3f4024261e9f751d9618a27d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd28c5618699180cd69619801e9ae6a5266c0a22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:13577","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13578","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13932","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13936","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14137","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14230","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14339","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:15883","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19521","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19568","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19569","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19875","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20593","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36531","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36533","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-23401","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453803","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23401.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20042","sourceIdentifier":"psirt@cisco.com","published":"2026-04-01T17:28:26.173","lastModified":"2026-07-08T13:24:15.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.\r\n\r\nThis vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Nexus Dashboard","defaultStatus":"unknown","versions":[{"version":"1.1(3e)","status":"affected"},{"version":"1.1(3c)","status":"affected"},{"version":"1.1(3d)","status":"affected"},{"version":"1.1(0d)","status":"affected"},{"version":"1.1(2i)","status":"affected"},{"version":"2.0(1b)","status":"affected"},{"version":"1.1(2h)","status":"affected"},{"version":"1.1(0c)","status":"affected"},{"version":"1.1(3f)","status":"affected"},{"version":"2.1(1d)","status":"affected"},{"version":"2.1(1e)","status":"affected"},{"version":"2.0(2g)","status":"affected"},{"version":"2.0(2h)","status":"affected"},{"version":"2.1(2d)","status":"affected"},{"version":"2.0(1d)","status":"affected"},{"version":"2.2(1h)","status":"affected"},{"version":"2.2(1e)","status":"affected"},{"version":"2.2(2d)","status":"affected"},{"version":"2.1(2f)","status":"affected"},{"version":"2.3(1c)","status":"affected"},{"version":"2.3(2b)","status":"affected"},{"version":"2.3(2c)","status":"affected"},{"version":"2.3(2d)","status":"affected"},{"version":"2.3(2e)","status":"affected"},{"version":"3.0(1f)","status":"affected"},{"version":"3.0(1i)","status":"affected"},{"version":"3.1(1k)","status":"affected"},{"version":"3.1(1l)","status":"affected"},{"version":"3.2(1e)","status":"affected"},{"version":"3.2(1i)","status":"affected"},{"version":"3.3(1a)","status":"affected"},{"version":"3.3(1b)","status":"affected"},{"version":"3.3(2b)","status":"affected"},{"version":"4.0(1i)","status":"affected"},{"version":"3.3(2g)","status":"affected"},{"version":"3.2(2f)","status":"affected"},{"version":"3.2(2g)","status":"affected"},{"version":"3.2(2m)","status":"affected"},{"version":"3.1(1n)","status":"affected"},{"version":"4.1(1g)","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-01T00:00:00+00:00","id":"CVE-2026-20042","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.1","matchCriteriaId":"0045E301-38B4-4B35-96E4-A3F0F844AE3B"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20151","sourceIdentifier":"psirt@cisco.com","published":"2026-04-01T17:28:31.097","lastModified":"2026-07-08T13:25:32.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\n\r\nThis vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative.\r\nTo exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User.\r\nNote: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Smart Software Manager On-Prem","defaultStatus":"unknown","versions":[{"version":"7-202001","status":"affected"},{"version":"8-202004","status":"affected"},{"version":"8-202006","status":"affected"},{"version":"8-202012","status":"affected"},{"version":"8-202010","status":"affected"},{"version":"8-202008","status":"affected"},{"version":"9-202201","status":"affected"},{"version":"8-202102","status":"affected"},{"version":"8-202105","status":"affected"},{"version":"8-202108","status":"affected"},{"version":"8-202112","status":"affected"},{"version":"8-202201","status":"affected"},{"version":"8-202206","status":"affected"},{"version":"8-202212","status":"affected"},{"version":"8-202302","status":"affected"},{"version":"8-202303","status":"affected"},{"version":"8-202304","status":"affected"},{"version":"8-202308","status":"affected"},{"version":"8-202401","status":"affected"},{"version":"8-202404","status":"affected"},{"version":"9-202406","status":"affected"},{"version":"9-202407","status":"affected"},{"version":"9-202410","status":"affected"},{"version":"9-202412","status":"affected"},{"version":"9-202501","status":"affected"},{"version":"9-202502","status":"affected"},{"version":"9-202504","status":"affected"},{"version":"9-202507","status":"affected"},{"version":"9-202510","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-01T00:00:00+00:00","id":"CVE-2026-20151","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*","versionEndExcluding":"9-202601","matchCriteriaId":"D2F0EA7E-9F9D-4A2A-B64D-8335F4A169E3"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-32871","sourceIdentifier":"security-advisories@github.com","published":"2026-04-02T15:16:38.740","lastModified":"2026-07-08T13:16:36.240","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the _build_url() method. When an OpenAPI operation defines path parameters (e.g., /api/v1/users/{user_id}), the system directly substitutes parameter values into the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() resolves the final URL. Since urljoin() interprets ../ sequences as directory traversal, an attacker controlling a path parameter can perform path traversal attacks to escape the intended API prefix and access arbitrary backend endpoints. This results in authenticated SSRF, as requests are sent with the authorization headers configured in the MCP provider. This issue has been patched in version 3.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"PrefectHQ","product":"fastmcp","versions":[{"version":"< 3.2.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-02T15:59:21.963304Z","id":"CVE-2026-32871","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"4247F36F-7D37-47DF-A475-E607F1BAD799"}]}]}],"references":[{"url":"https://github.com/PrefectHQ/fastmcp/commit/40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/PrefectHQ/fastmcp/pull/3507","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.2.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36350","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-32871","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454434","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32871.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-31402","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:39.283","lastModified":"2026-07-08T13:16:34.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/nfsd/nfs4xdr.c","fs/nfsd/state.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f9fcb4441f6c02bb20c2eb340101e27dfe23607c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2665887a69437a8a4f552f69509eecfb73d4aa19","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c9452c0797c95cf2378170df96cf4f4b3bca7eff","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8afb437ea1f70cacb4bbdf11771fb5c4d720b965","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"0f0e2a54a31a7f9ad2915db99156114872317388","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ae8498337dfdfda71bdd0b807c9a23a126011d76","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5133b61aaf437e5f25b1b396b14242a6bb0508e2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/nfsd/nfs4xdr.c","fs/nfsd/state.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.20","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.10","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for Real Time (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_extras_rt_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.167","matchCriteriaId":"56D62904-7C85-4BED-9EC0-3982B880F72D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2665887a69437a8a4f552f69509eecfb73d4aa19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae8498337dfdfda71bdd0b807c9a23a126011d76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9452c0797c95cf2378170df96cf4f4b3bca7eff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f9fcb4441f6c02bb20c2eb340101e27dfe23607c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:10108","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11313","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13565","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13566","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13577","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13578","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13664","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13681","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13734","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13936","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14137","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14165","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14301","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14823","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14869","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14925","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:15883","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19568","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19569","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36531","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36533","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-31402","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454844","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31402.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5590","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-04-05T04:16:16.370","lastModified":"2026-07-08T13:38:21.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-06T14:21:53.207121Z","id":"CVE-2026-5590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vqm-pw24-g9jp","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39848","sourceIdentifier":"security-advisories@github.com","published":"2026-04-09T22:16:34.407","lastModified":"2026-07-08T14:42:35.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"10ij","product":"dockyard","versions":[{"version":"< 1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-10T13:54:19.256778Z","id":"CVE-2026-39848","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:10ij:dockyard:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.0","matchCriteriaId":"3015DA96-86AA-4CE0-B7E7-4C6E3159E02E"}]}]}],"references":[{"url":"https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-31419","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.447","lastModified":"2026-07-08T13:16:34.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free in bond_xmit_broadcast()\n\nbond_xmit_broadcast() reuses the original skb for the last slave\n(determined by bond_is_last_slave()) and clones it for others.\nConcurrent slave enslave/release can mutate the slave list during\nRCU-protected iteration, changing which slave is \"last\" mid-loop.\nThis causes the original skb to be double-consumed (double-freed).\n\nReplace the racy bond_is_last_slave() check with a simple index\ncomparison (i + 1 == slaves_count) against the pre-snapshot slave\ncount taken via READ_ONCE() before the loop.  This preserves the\nzero-copy optimization for the last slave while making the \"last\"\ndetermination stable against concurrent list mutations.\n\nThe UAF can trigger the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in skb_clone\nRead of size 8 at addr ffff888100ef8d40 by task exploit/147\n\nCPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:123)\n print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n kasan_report (mm/kasan/report.c:597)\n skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108)\n bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334)\n bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593)\n dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887)\n __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838)\n ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136)\n ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219)\n ip6_output (net/ipv6/ip6_output.c:250)\n ip6_send_skb (net/ipv6/ip6_output.c:1985)\n udp_v6_send_skb (net/ipv6/udp.c:1442)\n udpv6_sendmsg (net/ipv6/udp.c:1733)\n __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206)\n __x64_sys_sendto (net/socket.c:2209)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n </TASK>\n\nAllocated by task 147:\n\nFreed by task 147:\n\nThe buggy address belongs to the object at ffff888100ef8c80\n which belongs to the cache skbuff_head_cache of size 224\nThe buggy address is located 192 bytes inside of\n freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60)\n\nMemory state around the buggy address:\n ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n                                                    ^\n ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n=================================================================="}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/bonding/bond_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"2de5c8eea0a9db99dae7c36f4b541b74b41d3a04","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"a0f661918edc79d7a75e468128af8d41e2a1a83a","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"d4cc7e4c80b1634c7b1497574a2fdb18df6c026c","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"f5b94654a4a19891a8108d66ef166de6c028c6cd","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"2884bf72fb8f03409e423397319205de48adca16","versionType":"git","status":"affected"},{"version":"20949c3816463e97c6f8fe84c0280c7e5ae83a8d","versionType":"git","status":"affected"},{"version":"f1d206181f19b00b275b258fea1418718a2f4173","versionType":"git","status":"affected"},{"version":"c1f1691ef84fa6d38fa5e5148eca073145e97ffa","versionType":"git","status":"affected"},{"version":"5.10.94","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.15.17","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"5.16.3","lessThan":"5.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/bonding/bond_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.94","versionEndExcluding":"5.11","matchCriteriaId":"D97173A0-CD12-4773-B2F5-A9037AAB0383"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.16","matchCriteriaId":"FE141E86-782B-4D36-B214-2FB7AC66A083"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3","versionEndExcluding":"5.17","matchCriteriaId":"7532EA4E-6958-4B4C-8270-4601DA8D95B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.86","matchCriteriaId":"E9F33D27-F3AA-49EF-8A71-D0AA86C50602"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2884bf72fb8f03409e423397319205de48adca16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2de5c8eea0a9db99dae7c36f4b541b74b41d3a04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a0f661918edc79d7a75e468128af8d41e2a1a83a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d4cc7e4c80b1634c7b1497574a2fdb18df6c026c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5b94654a4a19891a8108d66ef166de6c028c6cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:13566","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19521","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21209","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22334","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22940","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23224","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25191","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27353","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27354","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35870","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36172","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36531","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36533","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-31419","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457829","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31419.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-21742","sourceIdentifier":"psirt@fortinet.com","published":"2026-04-14T16:16:35.930","lastModified":"2026-07-08T13:16:30.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSOAR on-premise","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.1","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSOAR PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.1","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-14T16:35:12.570489Z","id":"CVE-2026-21742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.5.3","matchCriteriaId":"CD42D7DF-B095-44E1-B7E1-D203678DF740"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"6E11F916-A349-4C7F-8F39-2A3C9F2FB006"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-106","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22155","sourceIdentifier":"psirt@fortinet.com","published":"2026-04-14T16:16:36.267","lastModified":"2026-07-08T13:16:30.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSOAR PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSOAR on-premise","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.1","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-14T16:34:58.769731Z","id":"CVE-2026-22155","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.5.3","matchCriteriaId":"CD42D7DF-B095-44E1-B7E1-D203678DF740"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"6E11F916-A349-4C7F-8F39-2A3C9F2FB006"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-106","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20147","sourceIdentifier":"psirt@cisco.com","published":"2026-04-15T17:17:02.410","lastModified":"2026-07-08T14:20:19.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.5 Patch 2","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T00:00:00+00:00","id":"CVE-2026-20147","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"BB8FD39E-819E-48CB-AD6C-2F9F6AEF600E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"006E0D77-534C-447F-8E97-EC0AB906D978"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"AC07A742-D194-425C-945C-3977E96B61B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"00D4B446-EDCE-41DC-A03B-97D8A371B0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"97787372-9A0D-4916-A7A2-19237B84419F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"2E2D9D7C-A36E-489D-A2E1-ACE9E9C399BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"3ABA57DA-78C9-489B-88E5-6E5275E53388"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2ABFB0CE-60CF-4969-A91E-186F457C8014"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B8CF7EF0-FBAA-47C7-8386-F67264CA8D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5F08ACD7-2867-428A-966C-6509283FCA10"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"B365970F-9239-45F8-80C6-DA426FCA2E32"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"5A66142F-712F-4EFA-9FC4-E499D3015DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"50D8B7DD-14A8-4C67-8B32-E1F9C7D9C01E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"CB65DFF8-33D8-4840-8A63-7C4797FF0B51"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"890FDA62-DED9-401B-9D44-26F3624118CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"604079BA-78F5-4D20-AF27-E7A9A899DA0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"25344C6F-8EB6-4709-A51B-DCA26AA885E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51DE5AD0-5DFA-460D-B22D-0F5E367A9A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"683F2E87-9759-4A98-B7C9-489E74837D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"22BF8687-84E4-4609-8100-FD2408DF3247"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"19F88640-BC3E-42D2-ADDC-59114974103C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"40A94055-EF01-4799-813D-7BFFDD13C685"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"FB15AE6D-F4EF-40AD-A88E-D22612AEF2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"40239DA8-43B6-466B-85B0-6D644D7027D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"9118B7ED-E678-47C3-9D17-F522D9362B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"C2ED3257-CB9D-4FD5-A482-3648CF292128"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"3283F4AC-CAD8-49B7-956E-05B1C1672A42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"7A789B44-7E6C-4FE9-BD40-702A871AB8AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"93920663-445E-4456-A905-81CEC6CA1833"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"DF9CCBFA-0004-48F7-B142-6FDD4B3E1081"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"33DA5BB8-4CFE-44BD-9CEB-BC26577E8477"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"D3AEFA85-66B5-4145-A4AD-96D1FF86B46D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"E939B65A-7912-4C36-8799-03A1526D7BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"833B438F-0869-4C0D-9952-750C00702E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"E8B2588D-01F9-450B-B2E3-ADC4125E354E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"654E946A-07C5-4036-BC54-85EF42B808DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"4ED98020-7BAF-4E5E-8B7B-22537200C283"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"4C6839DC-F3A2-4133-BF60-2E678E6DD4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"43F3A55D-D4FC-4D93-9513-94B64B21A2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"22B752D1-9E8F-4FB7-8EEB-F9234492372B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"85A1CC7D-FE54-4AC0-B98F-972C4B1F3189"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20148","sourceIdentifier":"psirt@cisco.com","published":"2026-04-15T17:17:02.637","lastModified":"2026-07-08T14:20:10.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T16:50:58.114801Z","id":"CVE-2026-20148","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"742B3761-9FD6-4E67-BDDD-D4DD2C3111D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"7A789B44-7E6C-4FE9-BD40-702A871AB8AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"93920663-445E-4456-A905-81CEC6CA1833"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"DF9CCBFA-0004-48F7-B142-6FDD4B3E1081"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"33DA5BB8-4CFE-44BD-9CEB-BC26577E8477"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"D3AEFA85-66B5-4145-A4AD-96D1FF86B46D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"E939B65A-7912-4C36-8799-03A1526D7BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"833B438F-0869-4C0D-9952-750C00702E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"E8B2588D-01F9-450B-B2E3-ADC4125E354E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"654E946A-07C5-4036-BC54-85EF42B808DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"4ED98020-7BAF-4E5E-8B7B-22537200C283"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"4C6839DC-F3A2-4133-BF60-2E678E6DD4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"43F3A55D-D4FC-4D93-9513-94B64B21A2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"22B752D1-9E8F-4FB7-8EEB-F9234492372B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"85A1CC7D-FE54-4AC0-B98F-972C4B1F3189"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"BB8FD39E-819E-48CB-AD6C-2F9F6AEF600E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"006E0D77-534C-447F-8E97-EC0AB906D978"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"AC07A742-D194-425C-945C-3977E96B61B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"00D4B446-EDCE-41DC-A03B-97D8A371B0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"97787372-9A0D-4916-A7A2-19237B84419F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"2E2D9D7C-A36E-489D-A2E1-ACE9E9C399BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"3ABA57DA-78C9-489B-88E5-6E5275E53388"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2ABFB0CE-60CF-4969-A91E-186F457C8014"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B8CF7EF0-FBAA-47C7-8386-F67264CA8D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5F08ACD7-2867-428A-966C-6509283FCA10"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"B365970F-9239-45F8-80C6-DA426FCA2E32"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"5A66142F-712F-4EFA-9FC4-E499D3015DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"50D8B7DD-14A8-4C67-8B32-E1F9C7D9C01E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"CB65DFF8-33D8-4840-8A63-7C4797FF0B51"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"890FDA62-DED9-401B-9D44-26F3624118CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"604079BA-78F5-4D20-AF27-E7A9A899DA0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"25344C6F-8EB6-4709-A51B-DCA26AA885E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51DE5AD0-5DFA-460D-B22D-0F5E367A9A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"683F2E87-9759-4A98-B7C9-489E74837D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"22BF8687-84E4-4609-8100-FD2408DF3247"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"19F88640-BC3E-42D2-ADDC-59114974103C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"40A94055-EF01-4799-813D-7BFFDD13C685"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"FB15AE6D-F4EF-40AD-A88E-D22612AEF2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"40239DA8-43B6-466B-85B0-6D644D7027D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"9118B7ED-E678-47C3-9D17-F522D9362B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"C2ED3257-CB9D-4FD5-A482-3648CF292128"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20180","sourceIdentifier":"psirt@cisco.com","published":"2026-04-15T17:17:03.460","lastModified":"2026-07-08T14:24:46.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.2 Patch 8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T00:00:00+00:00","id":"CVE-2026-20180","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"68181711-C28D-4464-8C67-0A4FA0F338BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40938","sourceIdentifier":"security-advisories@github.com","published":"2026-04-21T21:16:46.283","lastModified":"2026-07-08T13:16:41.590","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"tektoncd","product":"pipeline","versions":[{"version":">= 1.0.0, < 1.0.2","status":"affected"},{"version":">= 1.2.0, < 1.3.4","status":"affected"},{"version":">= 1.4.0, < 1.6.2","status":"affected"},{"version":">= 1.7.0, < 1.9.3","status":"affected"},{"version":">= 1.10.0, < 1.11.1","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.7.4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.8.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_builds:1.8::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Pipelines 1.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1.21::el9"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-22T18:31:54.871943Z","id":"CVE-2026-40938","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.11.0","matchCriteriaId":"64DC28D5-E9D3-4D6A-8006-ADDE91D144BA"}]}]}],"references":[{"url":"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17546","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24359","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24484","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26519","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26538","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-40938","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460292","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40938.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-0711","sourceIdentifier":"security@zyxel.com.tw","published":"2026-04-28T03:16:02.167","lastModified":"2026-07-08T15:26:09.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device."}],"affected":[{"source":"security@zyxel.com.tw","affectedData":[{"vendor":"Zyxel","product":"DX3300-T0 firmware","defaultStatus":"unaffected","versions":[{"version":"<= 5.50(ABVY.7.1)C0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T00:00:00+00:00","id":"CVE-2026-0711","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nr5307_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.00\\(acjt.3\\)c0","matchCriteriaId":"E3CFB41B-C3A8-42FC-98F2-D0CA9FC4B2C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nr5307:-:*:*:*:*:*:*:*","matchCriteriaId":"27C408EF-36D8-4111-8CC5-C1278A884F67"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acpz.0\\)v0","matchCriteriaId":"82904F03-AE99-434C-AFDD-8AC6605269AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa515:-:*:*:*:*:*:*:*","matchCriteriaId":"7C814005-F021-4AFC-8043-0B00EED3FBA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"3D1FA8F1-2B41-41AA-82DD-97A8CE957A57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"6D3E176E-F728-4385-8533-4C694D43898A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"A30578C5-2232-4596-ADD3-3826D5AC7298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"2456F691-C182-4BE6-A08F-5E1717366DCA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"4D323A56-1FC9-4B18-A73B-83369558039A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"3BBDC072-5D40-4130-9B5F-22FDA9BF909A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"333EADF7-021A-447E-A741-20924B05E874"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"B293E564-2C48-442A-A415-34383DF3ADBA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"A1166223-0BC7-44A9-9941-D22EFFEE903D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmu.3.1\\)c0","matchCriteriaId":"5C612237-6809-4820-97A2-D7A1E177971F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"6360F4D5-AFA7-4BE2-A3DE-8936453FF7ED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acld.3.1\\)c0","matchCriteriaId":"78231491-3C65-47AD-9F59-1CDD5EF3A381"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee5301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B28CD570-8DF0-428D-9EF6-87B05DD019D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19\\(acjq.4.2\\)c0","matchCriteriaId":"CB6321BA-7B09-4758-A55C-55EBD73ED6B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*","matchCriteriaId":"CD4AE46D-E374-4224-9A66-4291B6A10C00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"6D365F50-DE02-4861-AB54-67CEBC7E634C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"9259E2F6-885D-4B44-8D40-20758DA599D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"8C47A92E-1595-4A9F-A10E-F6195CD4CD46"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"F3ECE0EB-C429-4716-ABFB-73540847EB9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C4E173F5-57FA-429E-8CAA-E47D6CA79436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"137F8B94-4176-4D9B-8704-28525E7352D1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C41A2CEB-DD8A-4396-809A-F4C5259373B8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"F766221F-7478-4E39-B4CD-A2498ACEE754"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C413302B-9472-4C39-A5A2-3C3F18D8A4DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"94FC0334-D656-419E-9F6F-CE1F0BB63880"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"8714EB1B-38E5-4295-AD26-EE13E2161DEA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"38BB03D3-A558-484C-AB85-707763F8853F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"A98F76BD-0404-46DD-AE6A-EB630FEC8904"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acif.3\\)c0","matchCriteriaId":"4E52AF49-FF16-4A0F-9F50-6F8F9C0EFA7F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"D3BCC6A9-1CAE-459D-BE7D-AAB956BD1B92"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"F459F871-7B1A-4140-9202-CDEA9BF2CFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"49F5F019-919C-4912-B2B6-4D6A5624F774"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"7213FA12-5CD6-4E9B-8387-A52AEF17EA10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceg.5.5\\)c0","matchCriteriaId":"ECFF8291-4F5E-4E34-98C6-BC985DD98AFF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"F32FA3FB-CE89-4CC1-9D8D-765B90A122DF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"1659651E-11BA-4A5E-AC88-51B56FE951FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"ABFF2039-5DCC-4850-8BDA-3D418629C226"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"F416BF40-DB7A-4F78-A887-45E62E25B58D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"D629D4B6-B2F2-45F1-9295-71751570C231"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(achn.3.2\\)c0","matchCriteriaId":"4166B089-90E7-4B42-B968-6CB6336C5973"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE049DE-A5DA-4A4F-BA30-BBD09FF34DE0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"F35B4F0C-53E5-454F-B187-B9BDCDD7CABA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"BB5E8468-D12F-4CBE-AC7E-27D5A928A85A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"FD94B78C-9F9E-406C-A940-434B4DDE21E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"C3535B63-318C-4EB5-ADC8-0AF3FB443DFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abpc.7.2\\)c0","matchCriteriaId":"A402953C-88D0-4797-9B6C-D649E3CB4555"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"78473083-F702-4B81-AAA0-B66A0984FF6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abpc.7.2\\)c0","matchCriteriaId":"AA956C29-AA9E-433D-8613-D700B34C7C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"780BBA7D-7E2C-4624-AA15-8A51F3DF428F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmt.3.1\\)c0","matchCriteriaId":"CFCE007D-5E4D-42ED-9F38-6909C7976745"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B4171802-2480-4F21-A17A-49D8D0E3727A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe5301-01_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acoj.3.1\\)c0","matchCriteriaId":"30CBAF7B-4B7B-4764-9DDA-A4A2FC710B0C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe5301-01:-:*:*:*:*:*:*:*","matchCriteriaId":"8CFFB6F6-F8ED-4AFA-B1D7-4E9C5D1F7897"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5302-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(acnm.0.1\\)c0","matchCriteriaId":"B3888E31-CE3A-416E-B24A-E6AA160D3E4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5302-00:-:*:*:*:*:*:*:*","matchCriteriaId":"27CF1A98-893C-4586-A6EF-A205B2204645"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(ackb.0.7\\)c0","matchCriteriaId":"B23A6540-2FE2-4B4B-A86C-B3F16D32BA68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"7EBB4C27-DAEB-4297-98DC-3B22353B5184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we3300-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acka.2\\)c0","matchCriteriaId":"B3DF52F9-8AF0-49BB-8482-82562BE1AAC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we3300-00:-:*:*:*:*:*:*:*","matchCriteriaId":"532CBEBB-0D42-42F7-9916-7D8E360E0776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvl.4.10\\)c0","matchCriteriaId":"906387F0-9AC2-4355-A7CE-08E13C76EEB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"C2C56248-D12F-46DC-A52F-0607E4A5DCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we4600-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.70\\(ackt.1\\)c0","matchCriteriaId":"DDA6A438-CDD1-41F0-9216-BC3C042D9CA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we4600-00:-:*:*:*:*:*:*:*","matchCriteriaId":"39E894F1-DA55-4E1A-90F6-002271E55B88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceb.6\\)c0","matchCriteriaId":"AB90CEA7-B554-49BF-9B23-C7B75AA5DAE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE"}]}]}],"references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1460","sourceIdentifier":"security@zyxel.com.tw","published":"2026-04-28T03:16:02.313","lastModified":"2026-07-08T15:29:20.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device."}],"affected":[{"source":"security@zyxel.com.tw","affectedData":[{"vendor":"Zyxel","product":"DX3301-T0 firmware","defaultStatus":"unaffected","versions":[{"version":"<= 5.50(ABVY.7.1)C0","status":"affected"}]},{"vendor":"Zyxel","product":"EX3301-T0 firmware","defaultStatus":"unaffected","versions":[{"version":"<= 5.50(ABVY.7.1)C0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T00:00:00+00:00","id":"CVE-2026-1460","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa70_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.51\\(acrf.0\\)v0","matchCriteriaId":"ACA5EF54-F74E-49CC-B8C1-73ECCE348C40"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa70:-:*:*:*:*:*:*:*","matchCriteriaId":"5D6EB26F-F986-4051-A50F-46CB32096635"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa505_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acko.3\\)v0","matchCriteriaId":"830BF8ED-3CE2-476D-8529-CA55A8647CAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa505:-:*:*:*:*:*:*:*","matchCriteriaId":"5052039B-5273-4CDF-AFA5-609855801D24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acgd.1\\)v0","matchCriteriaId":"CACF5A53-A5B5-40ED-90E1-EE95F7870BBD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*","matchCriteriaId":"80B7099C-DAA5-4902-A62B-B680C9450575"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acpz.1\\)v0","matchCriteriaId":"54F76733-2D49-4888-9678-3E506FE8265E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa515:-:*:*:*:*:*:*:*","matchCriteriaId":"7C814005-F021-4AFC-8043-0B00EED3FBA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acgc.2\\)v0","matchCriteriaId":"C9934637-E668-45CF-8375-8A7C12E43646"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*","matchCriteriaId":"92221518-C7EA-46D7-8037-A580CEA01093"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18\\(acca.7\\)v0","matchCriteriaId":"EEEDA6F0-765C-4121-AAF7-9CE42CDAA853"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*","matchCriteriaId":"42297A6A-3E50-4E9E-ABF6-58C77F222DC1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.15\\(acev.4\\)v0","matchCriteriaId":"6AEE1A81-4D5C-42B2-B10B-BB1F9D106DF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_lte7461-m602:-:*:*:*:*:*:*:*","matchCriteriaId":"44AA94AF-24B0-4C91-A990-9418EA5A5DAC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16\\(accg.1\\)v0","matchCriteriaId":"7D0775F7-602B-47A7-B07E-1BC4AB8BF29E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*","matchCriteriaId":"F9F605B8-A892-4119-AB7A-D14CDC5DFC88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16\\(accc.2\\)v0","matchCriteriaId":"A7D775A9-9D21-435D-A7AC-8F3D849554E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*","matchCriteriaId":"52096C1F-F73C-413E-9D37-82EFA4703AEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"3D1FA8F1-2B41-41AA-82DD-97A8CE957A57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"6D3E176E-F728-4385-8533-4C694D43898A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"A30578C5-2232-4596-ADD3-3826D5AC7298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"2456F691-C182-4BE6-A08F-5E1717366DCA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"4D323A56-1FC9-4B18-A73B-83369558039A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"3BBDC072-5D40-4130-9B5F-22FDA9BF909A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"A1166223-0BC7-44A9-9941-D22EFFEE903D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmu.3.1\\)c0","matchCriteriaId":"5C612237-6809-4820-97A2-D7A1E177971F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"6360F4D5-AFA7-4BE2-A3DE-8936453FF7ED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acld.3.1\\)c0","matchCriteriaId":"78231491-3C65-47AD-9F59-1CDD5EF3A381"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee5301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B28CD570-8DF0-428D-9EF6-87B05DD019D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19\\(acjq.4.2\\)c0","matchCriteriaId":"CB6321BA-7B09-4758-A55C-55EBD73ED6B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*","matchCriteriaId":"CD4AE46D-E374-4224-9A66-4291B6A10C00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"6D365F50-DE02-4861-AB54-67CEBC7E634C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"9259E2F6-885D-4B44-8D40-20758DA599D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"8C47A92E-1595-4A9F-A10E-F6195CD4CD46"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"F3ECE0EB-C429-4716-ABFB-73540847EB9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(acdi.2.5\\)c0","matchCriteriaId":"6B8CDF27-C9F7-4B6F-925F-28B20AF606EB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex2210-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"A71E4E6F-357E-4DAA-B7D7-7CF44000F0CF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C4E173F5-57FA-429E-8CAA-E47D6CA79436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"137F8B94-4176-4D9B-8704-28525E7352D1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C41A2CEB-DD8A-4396-809A-F4C5259373B8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"F766221F-7478-4E39-B4CD-A2498ACEE754"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C413302B-9472-4C39-A5A2-3C3F18D8A4DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"94FC0334-D656-419E-9F6F-CE1F0BB63880"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"8714EB1B-38E5-4295-AD26-EE13E2161DEA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"38BB03D3-A558-484C-AB85-707763F8853F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"A98F76BD-0404-46DD-AE6A-EB630FEC8904"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acif.3\\)c0","matchCriteriaId":"4E52AF49-FF16-4A0F-9F50-6F8F9C0EFA7F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"D3BCC6A9-1CAE-459D-BE7D-AAB956BD1B92"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"49F5F019-919C-4912-B2B6-4D6A5624F774"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"7213FA12-5CD6-4E9B-8387-A52AEF17EA10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceg.5.5\\)c0","matchCriteriaId":"ECFF8291-4F5E-4E34-98C6-BC985DD98AFF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"F32FA3FB-CE89-4CC1-9D8D-765B90A122DF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"1659651E-11BA-4A5E-AC88-51B56FE951FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"ABFF2039-5DCC-4850-8BDA-3D418629C226"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"F416BF40-DB7A-4F78-A887-45E62E25B58D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"D629D4B6-B2F2-45F1-9295-71751570C231"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(achn.3.2\\)c0","matchCriteriaId":"4166B089-90E7-4B42-B968-6CB6336C5973"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE049DE-A5DA-4A4F-BA30-BBD09FF34DE0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(acak.1.7\\)c0","matchCriteriaId":"6EE63106-FEEE-4722-A4BE-12A1BD3E407C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"07727D9C-723B-4761-B6B6-07FE1784D3C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:gm4100-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(accl.2.1\\)c0","matchCriteriaId":"8543CC65-F1EA-4D19-97E9-8EFC028E212D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:gm4100-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"182AB7CA-DFD4-4C0A-958B-6794A39FFAEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"F35B4F0C-53E5-454F-B187-B9BDCDD7CABA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"BB5E8468-D12F-4CBE-AC7E-27D5A928A85A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abqa.3.3\\)c0","matchCriteriaId":"E62FCD44-DBBD-4809-ADD8-C6596AB9C71D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*","matchCriteriaId":"88F74228-AC0C-4150-974D-54D77BBF9A90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abqa.3.3\\)c0","matchCriteriaId":"434F9EDF-91E2-4113-B358-A51E1B33D488"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*","matchCriteriaId":"30C1B91D-3EA0-4A1D-833A-6767A6C84DA3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"FD94B78C-9F9E-406C-A940-434B4DDE21E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"C3535B63-318C-4EB5-ADC8-0AF3FB443DFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:am7510-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acor.0.2\\)c0","matchCriteriaId":"753A36DC-BC06-408D-90B3-00D7CE5261F3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:am7510-00:-:*:*:*:*:*:*:*","matchCriteriaId":"0B70256B-4916-4CBC-ADCB-6CB31E805564"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abpc.7.2\\)c0","matchCriteriaId":"AA956C29-AA9E-433D-8613-D700B34C7C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"780BBA7D-7E2C-4624-AA15-8A51F3DF428F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmt.3.1\\)c0","matchCriteriaId":"CFCE007D-5E4D-42ED-9F38-6909C7976745"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B4171802-2480-4F21-A17A-49D8D0E3727A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe5301-01_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acoj.3.1\\)c0","matchCriteriaId":"30CBAF7B-4B7B-4764-9DDA-A4A2FC710B0C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe5301-01:-:*:*:*:*:*:*:*","matchCriteriaId":"8CFFB6F6-F8ED-4AFA-B1D7-4E9C5D1F7897"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(ackb.0.7\\)c0","matchCriteriaId":"B23A6540-2FE2-4B4B-A86C-B3F16D32BA68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"7EBB4C27-DAEB-4297-98DC-3B22353B5184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5302-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(acnm.0.1\\)c0","matchCriteriaId":"B3888E31-CE3A-416E-B24A-E6AA160D3E4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5302-00:-:*:*:*:*:*:*:*","matchCriteriaId":"27CF1A98-893C-4586-A6EF-A205B2204645"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we3300-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acka.2\\)c0","matchCriteriaId":"B3DF52F9-8AF0-49BB-8482-82562BE1AAC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we3300-00:-:*:*:*:*:*:*:*","matchCriteriaId":"532CBEBB-0D42-42F7-9916-7D8E360E0776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we4600-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.70\\(ackt.1\\)c0","matchCriteriaId":"DDA6A438-CDD1-41F0-9216-BC3C042D9CA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we4600-00:-:*:*:*:*:*:*:*","matchCriteriaId":"39E894F1-DA55-4E1A-90F6-002271E55B88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceb.6\\)c0","matchCriteriaId":"AB90CEA7-B554-49BF-9B23-C7B75AA5DAE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE"}]}]}],"references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40355","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T06:16:03.663","lastModified":"2026-07-08T12:48:28.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MIT","product":"Kerberos 5","defaultStatus":"unaffected","versions":[{"version":"1.18","lessThan":"1.22.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T12:53:15.785781Z","id":"CVE-2026-40355","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*","versionStartIncluding":"1.18.0","versionEndIncluding":"1.22.2","matchCriteriaId":"7A5665F4-71F4-4A71-A0A0-1E1F2BECA288"}]}]}],"references":[{"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Patch"]},{"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://web.mit.edu/kerberos/advisories/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-40356","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T07:16:03.197","lastModified":"2026-07-08T12:48:10.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MIT","product":"Kerberos 5","defaultStatus":"unaffected","versions":[{"version":"1.18","lessThan":"1.22.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T13:10:05.740836Z","id":"CVE-2026-40356","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*","versionStartIncluding":"1.18.0","versionEndIncluding":"1.22.2","matchCriteriaId":"7A5665F4-71F4-4A71-A0A0-1E1F2BECA288"}]}]}],"references":[{"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Patch"]},{"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://web.mit.edu/kerberos/advisories/","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42997","sourceIdentifier":"cve@mitre.org","published":"2026-05-05T19:16:22.817","lastModified":"2026-07-08T13:16:44.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","versions":[{"version":"17.0.0","lessThan":"26.1.6","versionType":"semver","status":"affected"},{"version":"27.0.0","lessThan":"29.0.5","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.1","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"35.0.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:16.2"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-05T18:38:38.789483Z","id":"CVE-2026-42997","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-669"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0.0","versionEndExcluding":"26.1.6","matchCriteriaId":"175C310D-6E5A-49AE-94DA-7B0FCD5DA2E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0.0","versionEndExcluding":"29.0.5","matchCriteriaId":"4F948886-9748-40E0-A3C2-2C95CCB2D498"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"32.0.1","matchCriteriaId":"23B410FC-0DC1-4BB8-98C2-6EB01DF839CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"33.0.0","versionEndExcluding":"35.0.1","matchCriteriaId":"40C73777-6AE0-4FAE-BBE6-C499CD51A3C0"}]}]}],"references":[{"url":"https://security.openstack.org/ossa/OSSA-2026-010.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2026/05/05/10","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/05/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-42997","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466844","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42997.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43112","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:24.927","lastModified":"2026-07-08T13:16:44.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath\n\nWhen cifs_sanitize_prepath is called with an empty string or a string\ncontaining only delimiters (e.g., \"/\"), the current logic attempts to\ncheck *(cursor2 - 1) before cursor2 has advanced. This results in an\nout-of-bounds read.\n\nThis patch adds an early exit check after stripping prepended\ndelimiters. If no path content remains, the function returns NULL.\n\nThe bug was identified via manual audit and verified using a\nstandalone test case compiled with AddressSanitizer, which\ntriggered a SEGV on affected inputs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/client/fs_context.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c63433a09d6ae4c226fcbc66da4c58fc189fd746","lessThan":"a2ba20c17de8eb028f96b1d85f119d3d25655bd9","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"fbced33599653471b4581dfe1abc7b467031f126","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"5d4fe469fe7dbff7d874c196bb680a82f2625d95","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"86f9c23e0814cfdffda9eedf0c591c51ba209010","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"78ec5bf2f589ec7fd8f169394bfeca541b077317","versionType":"git","status":"affected"},{"version":"5.15.11","lessThan":"5.15.209","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/client/fs_context.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.136","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.83","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.24","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.14","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.1","versionEndExcluding":"6.6.136","matchCriteriaId":"005FE1BE-809A-4536-BE37-C2437DE0927E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*","matchCriteriaId":"FF588A58-013F-4DBF-A3AB-70EC054B1892"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc6:*:*:*:*:*:*","matchCriteriaId":"8A0915FE-A4AA-4C94-B783-CF29D81E7E54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc7:*:*:*:*:*:*","matchCriteriaId":"4EAC2750-F7C6-4A4E-9C04-1E450722B853"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc8:*:*:*:*:*:*","matchCriteriaId":"ED611C74-E83A-4AFA-8688-9B829C02B038"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d4fe469fe7dbff7d874c196bb680a82f2625d95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78ec5bf2f589ec7fd8f169394bfeca541b077317","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86f9c23e0814cfdffda9eedf0c591c51ba209010","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2ba20c17de8eb028f96b1d85f119d3d25655bd9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fbced33599653471b4581dfe1abc7b467031f126","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://access.redhat.com/errata/RHSA-2026:34911","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36365","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36366","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-43112","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467015","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43112.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43198","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:38.857","lastModified":"2026-07-08T13:16:45.187","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix potential race in tcp_v6_syn_recv_sock()\n\nCode in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()\nis done too late.\n\nAfter tcp_v4_syn_recv_sock(), the child socket is already visible\nfrom TCP ehash table and other cpus might use it.\n\nSince newinet->pinet6 is still pointing to the listener ipv6_pinfo\nbad things can happen as syzbot found.\n\nMove the problematic code in tcp_v6_mapped_child_init()\nand call this new helper from tcp_v4_syn_recv_sock() before\nthe ehash insertion.\n\nThis allows the removal of one tcp_sync_mss(), since\ntcp_v4_syn_recv_sock() will call it with the correct\ncontext."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/inet_connection_sock.h","include/net/tcp.h","net/ipv4/syncookies.c","net/ipv4/tcp_fastopen.c","net/ipv4/tcp_ipv4.c","net/ipv4/tcp_minisocks.c","net/ipv6/tcp_ipv6.c","net/mptcp/subflow.c","net/smc/af_smc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"fe89b2f05b854847784f91127319172945c1fadd","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"7178e2a8027423b2af17ab95df73a749a5b72e5b","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"858d2a4f67ff69e645a43487ef7ea7f28f06deae","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/inet_connection_sock.h","include/net/tcp.h","net/ipv4/syncookies.c","net/ipv4/tcp_fastopen.c","net/ipv4/tcp_ipv4.c","net/ipv4/tcp_minisocks.c","net/ipv6/tcp_ipv6.c","net/mptcp/subflow.c","net/smc/af_smc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-821"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"6.18.16","matchCriteriaId":"0565F020-6741-42F7-A887-6FEBC0627804"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:30129","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33285","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34443","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35894","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35904","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36073","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36348","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36349","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-43198","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467228","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43198.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20035","sourceIdentifier":"psirt@cisco.com","published":"2026-05-06T17:16:20.280","lastModified":"2026-07-08T13:15:03.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Unity Connection","defaultStatus":"unknown","versions":[{"version":"12.5(1)","status":"affected"},{"version":"12.5(1)SU1","status":"affected"},{"version":"12.5(1)SU2","status":"affected"},{"version":"12.5(1)SU3","status":"affected"},{"version":"12.5(1)SU4","status":"affected"},{"version":"14","status":"affected"},{"version":"12.5(1)SU5","status":"affected"},{"version":"14SU1","status":"affected"},{"version":"12.5(1)SU6","status":"affected"},{"version":"14SU2","status":"affected"},{"version":"12.5(1)SU7","status":"affected"},{"version":"14SU3","status":"affected"},{"version":"12.5(1)SU8","status":"affected"},{"version":"14SU3a","status":"affected"},{"version":"12.5(1)SU8a","status":"affected"},{"version":"15","status":"affected"},{"version":"15SU1","status":"affected"},{"version":"14SU4","status":"affected"},{"version":"12.5(1)SU9","status":"affected"},{"version":"15SU2","status":"affected"},{"version":"15SU3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-06T17:27:15.669186Z","id":"CVE-2026-20035","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","matchCriteriaId":"6313AB2B-8CBB-48FF-BCBF-B24DE98855EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*","matchCriteriaId":"A85D56C0-D4A3-43A7-9CD1-FCEB6C8AEF66"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su1:*:*:*:*:*:*:*","matchCriteriaId":"774C01A1-9328-45E8-9BDD-470A10BC3C2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su2:*:*:*:*:*:*:*","matchCriteriaId":"CD8AB4B5-12C2-4F02-A4C3-4B8C06AFFD53"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*","matchCriteriaId":"181866CE-6279-4422-8EF8-7A12DB5B21F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su4:*:*:*:*:*:*:*","matchCriteriaId":"D09F3655-B513-48F6-82A8-F0F946C52D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15.0:*:*:*:*:*:*:*","matchCriteriaId":"97CC6719-1A7F-48BA-8014-802E235ED80D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15su1:*:*:*:*:*:*:*","matchCriteriaId":"2C9412EC-282C-4926-83F8-932E24E0FC22"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15su2:*:*:*:*:*:*:*","matchCriteriaId":"37EFE547-7D3C-4D71-8D46-2C5734B9D64B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15su3:*:*:*:*:*:*:*","matchCriteriaId":"CE6AF25B-E6F9-4E15-902D-4516DFE8C8E2"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42010","sourceIdentifier":"secalert@redhat.com","published":"2026-05-07T12:16:17.977","lastModified":"2026-07-08T13:16:42.610","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"4.20.9.6.202607010620-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"4.21.9.6.202607011303-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"4.22.9.8.202606301732-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951051","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951012","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-07T13:47:12.364306Z","id":"CVE-2026-42010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-170"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-626"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-170"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34790","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42010","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467289","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34790","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42010","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467289","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42010.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-1677","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-11T06:16:08.683","lastModified":"2026-07-08T13:36:24.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the `TLS_CIPHERSUITE_LIST` socket option can be restricted to TLS 1.3-only cipher suites."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-11T16:31:12.694213Z","id":"CVE-2026-1677","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-757"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-23r2-m5wx-4rvq","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory","Mitigation"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-23r2-m5wx-4rvq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-1681","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-12T07:16:09.843","lastModified":"2026-07-08T13:34:13.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T13:15:37.113227Z","id":"CVE-2026-1681","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-6fcc-8rwr-w7xx","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-53680","sourceIdentifier":"psirt@fortinet.com","published":"2026-05-12T18:16:35.687","lastModified":"2026-07-08T14:16:54.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiAP-U","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.5","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.6","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAP-W2","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.4","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAP","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.7","versionType":"semver","status":"affected"},{"version":"6.4.3","lessThanOrEqual":"6.4.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T00:00:00+00:00","id":"CVE-2025-53680","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.6","matchCriteriaId":"18EEF706-844E-42A4-A8A7-A76EDFD75CA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.3","matchCriteriaId":"4CC1B150-4BDE-473A-833E-C680933B585F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.6","matchCriteriaId":"3A204363-7F30-46EB-AB10-9A40235EE24F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.4.5","matchCriteriaId":"D0616584-0837-4800-9A3D-90D0F0F43278"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-131","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-26083","sourceIdentifier":"psirt@fortinet.com","published":"2026-05-12T18:16:39.817","lastModified":"2026-07-08T14:16:57.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSandbox","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","lessThanOrEqual":"5.0.1","versionType":"semver","status":"affected"},{"version":"4.4.0","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"},{"version":"4.2.1","lessThanOrEqual":"4.2.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*"],"versions":[{"version":"23.4.4374","status":"affected"},{"version":"23.4.4350","status":"affected"},{"version":"23.3.4329","status":"affected"},{"version":"23.1.4245","status":"affected"},{"version":"22.2.4151","status":"affected"},{"version":"22.2.4134","status":"affected"},{"version":"22.1.4113","status":"affected"},{"version":"21.4.4072","status":"affected"},{"version":"21.3.4055","status":"affected"},{"version":"5.0.0","lessThanOrEqual":"5.0.1","versionType":"semver","status":"affected"},{"version":"4.4.5","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","lessThanOrEqual":"5.0.1","versionType":"semver","status":"affected"},{"version":"4.4.5","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T00:00:00+00:00","id":"CVE-2026-26083","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.9","matchCriteriaId":"0025C9C0-8D61-4563-96F9-F4E09DD83B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"42640C50-5490-4B50-840B-D35031671C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.2","versionEndExcluding":"5.0.6","matchCriteriaId":"BB973322-626C-4821-882A-125DD5177251"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"23.1.4245","versionEndIncluding":"23.4.4374","matchCriteriaId":"7100CD0B-358B-4610-BB84-6E378571176D"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:24.1.4436:*:*:*:*:*:*:*","matchCriteriaId":"529FB46C-C0E5-43F5-A753-DD9E928FD4E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.5","versionEndExcluding":"4.4.9","matchCriteriaId":"251F88A0-B42A-475B-80BA-1A6B53620EF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"704EB14E-435A-4AC6-9FBC-C8A926BA22F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"21.3.4055","versionEndIncluding":"23.4.4374","matchCriteriaId":"594E2353-2D20-400E-B9EA-7A08A49104B3"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-136","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42009","sourceIdentifier":"secalert@redhat.com","published":"2026-05-18T13:16:32.707","lastModified":"2026-07-08T13:16:42.117","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:3.3.29-9.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"4.20.9.6.202607010620-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"4.21.9.6.202607011303-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"4.22.9.8.202606230855-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951051","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951012","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-18T19:05:03.965288Z","id":"CVE-2026-42009","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-475"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-475"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*","matchCriteriaId":"07670103-FC39-4797-AF5F-1604DA1E6BF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:x64:*","matchCriteriaId":"C22199FA-BF64-4181-86AE-C0F2DAABF9FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:8.10:*:*:*:*:*:arm64:*","matchCriteriaId":"376CC134-BC5D-4454-B9B5-5D929E24014A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:8.10:*:*:*:*:*:x64:*","matchCriteriaId":"75F13C81-5F6A-47FE-9CB0-44DE040B80F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"32AF225E-94C0-4D07-900C-DD868C05F554"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_els:8.10:*:*:*:*:*:*:*","matchCriteriaId":"33BA8164-7E51-4A33-9409-795AFA2B8572"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"23D471AC-7DCA-4425-AD91-E5D928753A8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_els:8.10:*:*:*:*:*:*:*","matchCriteriaId":"6C663446-AA2F-44FE-8520-E4F9460EA401"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:arm64:*","matchCriteriaId":"153FA4D1-CEA5-4D70-A452-22D492C2E419"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:x64:*","matchCriteriaId":"4E76AE2B-667E-4A9A-AC4B-CC8CFA9B159E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.8:*:*:*:*:*:arm64:*","matchCriteriaId":"FEDF9ADA-C9F7-4FB5-9180-DA7C45426231"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:9.8:*:*:*:*:*:arm64:*","matchCriteriaId":"EB5DCB28-C27E-45A1-8B2E-A129FE2CA419"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:9.8:*:*:*:*:*:x64:*","matchCriteriaId":"DF68EF0A-21CD-4914-B888-CFF8C7E7F4A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:9.8:*:*:*:*:*:arm64:*","matchCriteriaId":"5DE13BC8-C141-4E3A-9C45-5FB35F03E411"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:9.8:*:*:*:*:*:x64:*","matchCriteriaId":"A97CC58D-4A37-4B58-A718-BB9A5B5B1A19"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_els:9.8:*:*:*:*:*:*:*","matchCriteriaId":"19942CC8-3B44-416B-92FB-3AE705E57D34"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.8:*:*:*:*:*:*:*","matchCriteriaId":"AF3926BD-3724-4870-98F9-274FBC575EC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_els:9.8:*:*:*:*:*:*:*","matchCriteriaId":"5C5E1710-FD30-4A31-895F-FD91A5B55F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.8:*:*:*:*:*:*:*","matchCriteriaId":"DDBCD07C-C8A3-488F-B000-DBBCAEE78811"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_update_services_for_sap_solutions:9.8:*:*:*:*:*:x64:*","matchCriteriaId":"1229A296-33D0-4C29-A50B-69BD84B32D99"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.8:*:*:*:*:*:*:*","matchCriteriaId":"C3A304C9-C1CB-40FE-9A8B-EC3AB507BDAD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:arm64:*","matchCriteriaId":"63D81CCC-AECF-436A-B019-B3149585F92C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:x64:*","matchCriteriaId":"472208E5-9850-47CD-8C7D-E1EBF7FDB2C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.2:*:*:*:*:*:arm64:*","matchCriteriaId":"4DBA7603-2980-42BE-981C-FAE97568B00B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.2:*:*:*:*:*:x64:*","matchCriteriaId":"D28BC9F4-ECC6-411B-B445-B247FACD9530"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:10.2:*:*:*:*:*:arm64:*","matchCriteriaId":"C78AA720-6EBB-4CA7-8831-22A7CBFE7A1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:10.2:*:*:*:*:*:x64:*","matchCriteriaId":"1D055CB8-FA3A-4DB8-AB58-9B17F7EC552B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:10.2:*:*:*:*:*:arm64:*","matchCriteriaId":"ADFDF403-9B07-48CF-8BB2-11054879BCF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:10.2:*:*:*:*:*:x64:*","matchCriteriaId":"E7AB6D4F-D513-45F8-BC00-5F6C93D0002D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.2:*:*:*:*:*:*:*","matchCriteriaId":"157996FE-FC8B-4D4E-9538-E14BC0D8466F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_els:10.2:*:*:*:*:*:*:*","matchCriteriaId":"1B8AC302-55C1-44FB-B66C-C6D0D6F5DBFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.2:*:*:*:*:*:*:*","matchCriteriaId":"F7F02954-7CB7-46F9-BBF1-3FAD6736F712"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0:*:*:*:*:*:*:*","matchCriteriaId":"06A3271F-112F-4FB7-A2F7-6401A365FCBA"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.2:*:*:*:*:*:*:*","matchCriteriaId":"D6F30042-532F-4A7C-897B-1084C0587957"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_els:10.2:*:*:*:*:*:*:*","matchCriteriaId":"9BB0DAF9-794A-4DAF-A4C6-3DDD8E42F48D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.2:*:*:*:*:*:*:*","matchCriteriaId":"DDDCBC52-F003-4776-8D21-B525CF8D8B8D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29794","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42009","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467279","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29794","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42009","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467279","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42009.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5072","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-22T08:16:15.027","lastModified":"2026-07-08T13:31:40.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-22T16:27:18.853870Z","id":"CVE-2026-5072","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1335"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40033","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-26T15:16:34.480","lastModified":"2026-07-08T13:16:41.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.26.0","versionType":"semver","status":"affected"},{"version":"3.26.0","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-26T00:00:00+00:00","id":"CVE-2026-40033","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/commit/d7508ebcd82842a691ae4941e5104d14240a89ae","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FreeRDP/FreeRDP/pull/12713","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"disclosure@vulncheck.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/freerdp-heap-buffer-overflow-in-gdi-cachetosurface-via-rectangle-validation-bypass","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-40033","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481473","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40033.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46181","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:33.743","lastModified":"2026-07-08T13:16:48.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()\n\nSashiko points out the radix_tree itself is RCU safe, but nothing ever\nfrees the mlx4_srq struct with RCU, and it isn't even accessed within the\nRCU critical section. It also will crash if an event is delivered before\nthe srq object is finished initializing.\n\nUse the spinlock since it isn't easy to make RCU work, use\nrefcount_inc_not_zero() to protect against partially initialized objects,\nand order the refcount_set() to be after the srq is fully initialized."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/mellanox/mlx4/srq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"30353bfc43a1602c020f31d95cf27182ffd23824","lessThan":"1e2a44875b6afb4add1115f7f3351dcbeb6f273d","versionType":"git","status":"affected"},{"version":"30353bfc43a1602c020f31d95cf27182ffd23824","lessThan":"8b7833f3bce35cb0d01c1503781523c099c675f0","versionType":"git","status":"affected"},{"version":"30353bfc43a1602c020f31d95cf27182ffd23824","lessThan":"c9341307ea16b9395c2e4c9c94d8499d91fe31d0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/mellanox/mlx4/srq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-366"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.18.30","matchCriteriaId":"30E456CE-E137-4419-A5F0-4A21EECAC362"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e2a44875b6afb4add1115f7f3351dcbeb6f273d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b7833f3bce35cb0d01c1503781523c099c675f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9341307ea16b9395c2e4c9c94d8499d91fe31d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25120","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25121","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34095","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34443","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35894","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46181","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46181.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44420","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.383","lastModified":"2026-07-08T13:16:45.760","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44420","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3r","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44420","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483480","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44420.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44421","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.513","lastModified":"2026-07-08T13:16:45.947","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large out-of-bounds heap write and may lead to client crashes or code execution. This bug is reachable from a malicious RDP server, but only when the client has RDPGFX enabled. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44421","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44421","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483471","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44421.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44422","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.660","lastModified":"2026-07-08T13:16:46.123","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor later walks each field independently and destroys/frees both pointers. This causes a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44422","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"},{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j9q5-7g8m-jc9v","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44422","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483467","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j9q5-7g8m-jc9v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44422.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5071","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-30T08:16:16.370","lastModified":"2026-07-08T13:30:31.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socketcan_to_can_frame(). In production builds where assertions are disabled, a userspace application that controls the length passed to a sendto syscall can supply an incomplete or truncated frame, causing socketcan_to_can_frame() to dereference fields beyond the end of the buffer. This results in an out-of-bounds read that can cause denial-of-service crashes or, because the parsed frame contents are transmitted on the network, leak adjacent memory."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T13:51:23.839460Z","id":"CVE-2026-5071","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3w6-x7m3-3c58","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41283","sourceIdentifier":"cve@mitre.org","published":"2026-06-04T04:17:12.700","lastModified":"2026-07-08T13:16:41.930","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Mistral","defaultStatus":"unaffected","versions":[{"version":"20.0.0","lessThan":"20.1.1","versionType":"semver","status":"affected"},{"version":"21.0.0","versionType":"semver","status":"affected"},{"version":"22.0.0","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:16.2"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:09:33.475751Z","id":"CVE-2026-41283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-749"}]}],"references":[{"url":"https://github.com/openstack/mistral/tags","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-020.html","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/06/03/14","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/03/14","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2026-41283","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484607","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41283.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-10840","sourceIdentifier":"secalert@redhat.com","published":"2026-06-04T12:16:24.813","lastModified":"2026-07-08T13:16:27.410","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.7.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-builds/openshift-builds-rhel9-operator","cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"],"versions":[{"version":"1783341609","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-proxy-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-proxy-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-webhook-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-webhook-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-rhel8-operator","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-rhel9-operator","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.7.4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:11:57.092142Z","id":"CVE-2026-10840","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36648","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-10840","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484720","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36648","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-10840","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484720","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10840.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5589","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-04T20:16:58.540","lastModified":"2026-07-08T13:28:55.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an attacker-controlled length byte (reported_len) and computes reported_len - 3 without checking that reported_len >= 3. When reported_len is less than 3, the subtraction is performed in signed int arithmetic and yields a negative value that bypasses the length guard and is then implicitly converted to a very large size_t when passed to net_buf_simple_pull_mem(). In builds without assertions, this wraps the buffer length and advances the data pointer far out of bounds, so subsequent reads dereference invalid memory. A nearby BLE device can trigger this with a non-connectable advertisement carrying a UUID16 AD structure and a crafted length byte, with no pairing or prior association required, potentially leading to denial of service or arbitrary code execution."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T18:27:34.569513Z","id":"CVE-2026-5589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4pm9-4v7f-x6gr","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5066","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-04T21:16:30.907","lastModified":"2026-07-08T13:27:57.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() and tls_session_restore() memcpy the caller-supplied address into a fixed-size buffer using the caller-controlled addrlen value without validating it against the destination size. struct net_sockaddr is an opaque type, so an application can pass an addrlen larger than sizeof(struct net_sockaddr) (for example 128 bytes into a 24-byte stack buffer), causing the memcpy to read and write past the end of the address memory used by the TLS session cache. This out-of-bounds write can lead to a crash and denial of service, and potentially to arbitrary code execution."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T18:26:28.322491Z","id":"CVE-2026-5066","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgrc-jrf6-24f3","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgrc-jrf6-24f3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50589","sourceIdentifier":"cve@mitre.org","published":"2026-06-05T00:17:09.213","lastModified":"2026-07-08T13:16:53.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","repo":"https://opendev.org/openstack/ironic","versions":[{"version":"32.0.0","lessThan":"37.0.0","versionType":"semver","status":"unknown"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:16.2"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:18.0"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T15:08:27.511506Z","id":"CVE-2026-50589","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"32.0.0","versionEndExcluding":"37.0.0","matchCriteriaId":"481D4CB3-6333-4EEB-A4E0-BCF17129F83A"}]}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2154288","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation"]},{"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0099","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-50589","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugs.launchpad.net/ironic/+bug/2154288","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Mitigation"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485353","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50589.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2025-71315","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T16:16:33.500","lastModified":"2026-07-08T14:42:50.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Convert to DRM's vblank timer\n\nReplace vkms' vblank timer with the DRM implementation. The DRM\ncode is identical in concept, but differs in implementation.\n\nVblank timers are covered in vblank helpers and initializer macros,\nso remove the corresponding hrtimer in struct vkms_output. The\nvblank timer calls vkms' custom timeout code via handle_vblank_timeout\nin struct drm_crtc_helper_funcs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/vkms/vkms_crtc.c","drivers/gpu/drm/vkms/vkms_drv.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3a0709928b172a4123a76078f70e0a706265690c","lessThan":"a0582cc923985c6b72fe871b5f7aa7c682bfc230","versionType":"git","status":"affected"},{"version":"3a0709928b172a4123a76078f70e0a706265690c","lessThan":"02e2681ffe1addde1fc8c35d05657b16bfa79613","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/vkms/vkms_crtc.c","drivers/gpu/drm/vkms/vkms_drv.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.18.34","matchCriteriaId":"BDE475CD-6157-49FF-8571-10BDC3180DF3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02e2681ffe1addde1fc8c35d05657b16bfa79613","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0582cc923985c6b72fe871b5f7aa7c682bfc230","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46274","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T16:16:40.707","lastModified":"2026-07-08T14:46:03.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check that the predecessor is hashed in io_wq_remove_pending()\n\nio_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled\nwork was the tail of its hash bucket. When doing this, it checks whether\nthe preceding entry in acct->work_list has the same hash value, but\nnever checks that the predecessor is hashed at all. io_get_work_hash()\nis simply atomic_read(&work->flags) >> IO_WQ_HASH_SHIFT, and the hash\nbits are never set for non-hashed work, so it returns 0. Thus, when a\nhashed bucket-0 work is cancelled while a non-hashed work is its list\npredecessor, the check spuriously passes and a pointer to the non-hashed\nio_kiocb is stored in wq->hash_tail[0].\n\nBecause non-hashed work is dequeued via the fast path in\nio_get_next_work(), which never touches hash_tail[], the stale pointer\nis never cleared. Therefore, after the non-hashed io_kiocb completes and\nis freed back to req_cachep, wq->hash_tail[0] is a dangling pointer. The\nio_wq is per-task (tctx->io_wq) and survives ring open/close, so the\ndangling pointer persists for the lifetime of the task; the next hashed\nbucket-0 enqueue dereferences it in io_wq_insert_work() and\nwq_list_add_after() writes through freed memory.\n\nAdd the missing io_wq_is_hashed() check so a non-hashed predecessor\nnever inherits a hash_tail[] slot."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["io_uring/io-wq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"d6bda9df0c0a3080804181464d5c0f4d78a4e769","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"5a20ebf0c81b61f5ea3b1b529c100cad69b9f603","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"252c5051dba9c709b6a72f2866f93e5e618b3f06","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"d376c131af7c7739a87ff037ed2fdb67c2542c8a","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc","versionType":"git","status":"affected"},{"version":"13f35a2c0fd5c6a4fcd8903542b053bcc914fcf5","versionType":"git","status":"affected"},{"version":"5.8.6","lessThan":"5.9","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["io_uring/io-wq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.6","versionEndExcluding":"5.9","matchCriteriaId":"D1A2FB6C-A45E-4E1B-8FE3-D0CDD7BE36C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.1","versionEndExcluding":"6.6.141","matchCriteriaId":"971F5EF2-3F57-4AF7-8366-2D4437ABE0FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:-:*:*:*:*:*:*","matchCriteriaId":"F79A2EB6-623E-4749-AEE0-DCB58C4C42F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc3:*:*:*:*:*:*","matchCriteriaId":"A52A4ABE-5C24-4CD4-A348-E303B7F23C71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc4:*:*:*:*:*:*","matchCriteriaId":"12019CF2-FD8E-4D59-BA4C-7093DF0BB091"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc5:*:*:*:*:*:*","matchCriteriaId":"9B1AB90E-C0C6-4027-B27D-BA214BE33561"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc6:*:*:*:*:*:*","matchCriteriaId":"103FE5BA-7315-4263-9C95-EABEAD7E174F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc7:*:*:*:*:*:*","matchCriteriaId":"47E31D6A-31EC-4F63-9CAE-B7A52B58E149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc8:*:*:*:*:*:*","matchCriteriaId":"3497462B-A3DA-47CC-A5DD-C1C2D2E6DFDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/252c5051dba9c709b6a72f2866f93e5e618b3f06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a20ebf0c81b61f5ea3b1b529c100cad69b9f603","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d376c131af7c7739a87ff037ed2fdb67c2542c8a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6bda9df0c0a3080804181464d5c0f4d78a4e769","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46275","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T16:16:40.863","lastModified":"2026-07-08T14:46:18.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: fix UAFs and race conditions in close and init paths\n\nVulnerabilities leading to Use-After-Free (UAF) and Null Pointer\nDereference (NPD) conditions were observed in the lifecycle management\nof hci_uart.\n\nThe primary issue arises because the workqueues (init_ready and\nwrite_work) are only flushed/cancelled if the HCI_UART_PROTO_READY\nflag is set during TTY close. If a hangup occurs before setup completes,\nhci_uart_tty_close() skips the teardown of these workqueues and\nproceeds to free the `hu` struct. When the scheduled work executes\nlater, it blindly dereferences the freed `hu` struct.\n\nFurthermore, several data races and UAFs were identified in the teardown\nsequence:\n1. Calling hci_uart_flush() from hci_uart_close() without effectively\n   disabling write_work causes a race condition where both can concurrently\n   double-free hu->tx_skb. This happens because protocol timers can\n   concurrently invoke hci_uart_tx_wakeup() and requeue write_work.\n2. Calling hci_free_dev(hdev) before hu->proto->close(hu) causes a UAF\n   when vendor specific protocol close callbacks dereference hu->hdev.\n3. In the initialization error paths, failing to take the proto_lock\n   write lock before clearing PROTO_READY leads to races with active\n   readers. Additionally, hci_uart_tty_receive() accesses hu->hdev\n   outside the read lock, leading to UAFs if the initialization error\n   path frees hdev concurrently.\n\nFix these synchronization and lifecycle issues by:\n1. Re-ordering hci_uart_tty_close() to clear HCI_UART_PROTO_READY first,\n   followed immediately by a cancel_work_sync(&hu->write_work). Clearing\n   the flag locks out concurrent protocol timers from successfully invoking\n   hci_uart_tx_wakeup(), effectively rendering the cancellation permanent\n   and preventing the tx_skb double-free.\n2. Note: Clearing PROTO_READY early causes hci_uart_close() to skip\n   hu->proto->flush(). This is perfectly safe in the tty_close path\n   because hu->proto->close() executes shortly after, which intrinsically\n   purges all protocol SKB queues and tears down the state.\n3. Relocating hu->proto->close(hu) strictly prior to hci_free_dev(hdev)\n   across all close and error paths to prevent vendor-level UAFs.\n4. Moving the hdev->stat.byte_rx increment in hci_uart_tty_receive()\n   inside the proto_lock read-side critical section to safely synchronize\n   with device unregistration.\n5. Adding cancel_work_sync(&hu->write_work) to hci_uart_close() to safely\n   flush the workqueue before hci_uart_flush() is invoked via the HCI core.\n6. Utilizing cancel_work_sync() instead of disable_work_sync() across\n   all paths to prevent permanently breaking user-space retry capabilities."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/bluetooth/hci_ldisc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"78aad93e938f013d9272fe0ee168f27883afa95c","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"e2d19969c8d9198ecc3090bcd5312ecd503a3339","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"c85cff648a2bc92322912db5f1727ad05afae7b6","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"9d20d48be2c4a071fb015eb09bda2cecd25daf34","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"81c7a3c22a0f2808cf4ae0b4908f59763b23606d","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"192cb0f1ca706d9a1bc36ae0ad5f666d1e4fd894","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"7338031946bd06f6dff149e67b60c4cd083bfea8","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b","versionType":"git","status":"affected"},{"version":"cd27019bc149f20f12ebec943c2b4c775745a5a0","versionType":"git","status":"affected"},{"version":"aea63181b6fcb6b9ccde1ada9ea51be19c4015af","versionType":"git","status":"affected"},{"version":"0d234d1135dcd8876de0576dac68efd0a87eef87","versionType":"git","status":"affected"},{"version":"3fe978892ab46efc2f3830d9abc015eff72caaf9","versionType":"git","status":"affected"},{"version":"0d987e14bebaf0f67ee7dbefaf6165c62cd1d27f","versionType":"git","status":"affected"},{"version":"4.14.203","lessThan":"4.15","versionType":"semver","status":"affected"},{"version":"4.19.153","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.73","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.8.17","lessThan":"5.9","versionType":"semver","status":"affected"},{"version":"5.9.2","lessThan":"5.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/bluetooth/hci_ldisc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.203","versionEndExcluding":"4.15","matchCriteriaId":"27A7D190-0093-49D0-BC13-C06D04205CB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.153","versionEndExcluding":"4.20","matchCriteriaId":"F9F8E966-D84B-4A94-8A67-E1B47A05557F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.73","versionEndExcluding":"5.5","matchCriteriaId":"886AB560-B760-44F0-AD89-3F275E4C0F58"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.17","versionEndExcluding":"5.9","matchCriteriaId":"BEFC3ACE-365D-48E7-9C0A-019C74CC0725"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.2","versionEndExcluding":"5.10.258","matchCriteriaId":"38EA52EA-57DE-4180-953C-1512932A936A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/192cb0f1ca706d9a1bc36ae0ad5f666d1e4fd894","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7338031946bd06f6dff149e67b60c4cd083bfea8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78aad93e938f013d9272fe0ee168f27883afa95c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81c7a3c22a0f2808cf4ae0b4908f59763b23606d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9d20d48be2c4a071fb015eb09bda2cecd25daf34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c85cff648a2bc92322912db5f1727ad05afae7b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2d19969c8d9198ecc3090bcd5312ecd503a3339","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46276","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.103","lastModified":"2026-07-08T14:55:24.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix zero-size GDS range init on RDNA4\n\nRDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory\nresources. The gfx_v12_0 initialisation code correctly leaves\nadev->gds.gds_size, adev->gds.gws_size, and adev->gds.oa_size at\nzero to reflect this.\n\namdgpu_ttm_init() unconditionally calls amdgpu_ttm_init_on_chip() for\neach of these resources regardless of size. When the size is zero,\namdgpu_ttm_init_on_chip() forwards the call to ttm_range_man_init(),\nwhich calls drm_mm_init(mm, 0, 0). drm_mm_init() immediately fires\nDRM_MM_BUG_ON(start + size <= start) -- trivially true when size is\nzero -- crashing the kernel during modprobe of amdgpu on an RX 9070 XT.\n\nGuard against this by returning 0 early from\namdgpu_ttm_init_on_chip() when size_in_page is zero. This skips TTM\nresource manager registration for hardware resources that are absent,\nwithout affecting any other GPU type.\n\nDRM_MM_BUG_ON() only asserts if CONFIG_DRM_DEBUG_MM is enabled in\nthe kernel config.  This is apparently rarely enabled as these chips\nhave been in the market for over a year and this issue was only reported\nnow.\n\nOops-Analysis: http://oops.fenrus.org/reports/bugzilla.korg/221376/report.html\n(cherry picked from commit 5719ce5865279cad4fd5f01011fe037168503f2d)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"1f5d33e7b0a9a2a140f46e22fb52eede323c5946","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"9bc925759c05feae7dfa9570e77131d54729c8ea","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"36f9602fb22ede69fcc8b422be0cf8105bf655ad","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"be0376affcafa0bbb371bb501579a825eae32281","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"0e21db1a77967bc15df662efdca8ea8a61d124ea","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"30c000a49094ec568c9b51b7421f7a4a3f0b0298","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"3e26c76891ab99fa173e9c501119fbb5c9f4600f","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"095a8b0ad3c3b5cdc3850d961adb8a8f735220bb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.258","matchCriteriaId":"719A9C48-4A93-46A1-8B53-2D668FEF05E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0e21db1a77967bc15df662efdca8ea8a61d124ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f5d33e7b0a9a2a140f46e22fb52eede323c5946","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30c000a49094ec568c9b51b7421f7a4a3f0b0298","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36f9602fb22ede69fcc8b422be0cf8105bf655ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e26c76891ab99fa173e9c501119fbb5c9f4600f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bc925759c05feae7dfa9570e77131d54729c8ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be0376affcafa0bbb371bb501579a825eae32281","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46277","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.277","lastModified":"2026-07-08T14:58:31.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/zone_device: do not touch device folio after calling ->folio_free()\n\nThe contents of a device folio can immediately change after calling\n->folio_free(), as the folio may be reallocated by a driver with a\ndifferent order.  Instead of touching the folio again to extract the\npgmap, use the local stack variable when calling percpu_ref_put_many()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/memremap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d245f9b4ab806733a77e51a218ca7b8bc3135cd9","lessThan":"85be0a262e39c706edb53c88af8afde2e98222ba","versionType":"git","status":"affected"},{"version":"d245f9b4ab806733a77e51a218ca7b8bc3135cd9","lessThan":"39928984956037cabd304321cb8f342e47421db5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/memremap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/39928984956037cabd304321cb8f342e47421db5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85be0a262e39c706edb53c88af8afde2e98222ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46278","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.390","lastModified":"2026-07-08T14:59:16.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix segfault when updating ftrace mask\n\nFix invalid data access by passing right data for debugfs entry.\n\n[  171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  171.559248] Mem abort info:\n[  171.562173]   ESR = 0x0000000096000044\n[  171.566227]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  171.573108]   SET = 0, FnV = 0\n[  171.576448]   EA = 0, S1PTW = 0\n[  171.579745]   FSC = 0x04: level 0 translation fault\n[  171.584760] Data abort info:\n[  171.588012]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n[  171.593734]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[  171.598962]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000\n[  171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  171.618500] Internal error: Oops: 0000000096000044 [#1]  SMP\n[  171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...\n[  171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT\n[  171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)\n[  171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]\n[  171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]\n[  171.689593] sp : ffff8000835ebb90\n[  171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000\n[  171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000\n[  171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000\n[  171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000\n[  171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580\n[  171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30\n[  171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff\n[  171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a\n[  171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010\n[  171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0\n[  171.764871] Call trace:\n[  171.767342]  pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)\n[  171.772984]  simple_attr_write_xsigned.isra.0+0xe0/0x19c\n[  171.778341]  simple_attr_write+0x18/0x24\n[  171.782296]  debugfs_attr_write+0x50/0x98\n[  171.786341]  full_proxy_write+0x6c/0xa8\n[  171.790208]  vfs_write+0xd4/0x350\n[  171.793561]  ksys_write+0x70/0x108\n[  171.796995]  __arm64_sys_write+0x1c/0x28\n[  171.800952]  invoke_syscall+0x48/0x10c\n[  171.804740]  el0_svc_common.constprop.0+0x40/0xe0\n[  171.809487]  do_el0_svc+0x1c/0x28\n[  171.812834]  el0_svc+0x34/0x108\n[  171.816013]  el0t_64_sync_handler+0xa0/0xe4\n[  171.820237]  el0t_64_sync+0x198/0x19c\n[  171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)\n[  171.830073] ---[ end trace 0000000000000000 ]---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/imagination/pvr_fw_trace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a331631496a0af9a6f4e7e1860983afd8b1bb013","lessThan":"ba422758981b61585c7da6429f50ef1c58d326f7","versionType":"git","status":"affected"},{"version":"a331631496a0af9a6f4e7e1860983afd8b1bb013","lessThan":"5dfd429591f8d7185bf63a08b5c30863fb605611","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/imagination/pvr_fw_trace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.4","matchCriteriaId":"37C6A06A-578A-467F-8EE4-E50B9A46C871"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5dfd429591f8d7185bf63a08b5c30863fb605611","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba422758981b61585c7da6429f50ef1c58d326f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46279","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.530","lastModified":"2026-07-08T14:59:41.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/alloc_tag: clear codetag for pages allocated before page_ext initialization\n\nDue to initialization ordering, page_ext is allocated and initialized\nrelatively late during boot.  Some pages have already been allocated and\nfreed before page_ext becomes available, leaving their codetag\nuninitialized.\n\nA clear example is in init_section_page_ext(): alloc_page_ext() calls\nkmemleak_alloc().  If the slab cache has no free objects, it falls back to\nthe buddy allocator to allocate memory.  However, at this point page_ext\nis not yet fully initialized, so these newly allocated pages have no\ncodetag set.  These pages may later be reclaimed by KASAN, which causes\nthe warning to trigger when they are freed because their codetag ref is\nstill empty.\n\nUse a global array to track pages allocated before page_ext is fully\ninitialized.  The array size is fixed at 8192 entries, and will emit a\nwarning if this limit is exceeded.  When page_ext initialization\ncompletes, set their codetag to empty to avoid warnings when they are\nfreed later.\n\nThis warning is only observed with CONFIG_MEM_ALLOC_PROFILING_DEBUG=Y and\nmem_profiling_compressed disabled:\n\n[    9.582133] ------------[ cut here ]------------\n[    9.582137] alloc_tag was not set\n[    9.582139] WARNING: ./include/linux/alloc_tag.h:164 at __pgalloc_tag_sub+0x40f/0x550, CPU#5: systemd/1\n[    9.582190] CPU: 5 UID: 0 PID: 1 Comm: systemd Not tainted 7.0.0-rc4 #1 PREEMPT(lazy)\n[    9.582192] Hardware name: Red Hat KVM, BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[    9.582194] RIP: 0010:__pgalloc_tag_sub+0x40f/0x550\n[    9.582196] Code: 00 00 4c 29 e5 48 8b 05 1f 88 56 05 48 8d 4c ad 00 48 8d 2c c8 e9 87 fd ff ff 0f 0b 0f 0b e9 f3 fe ff ff 48 8d 3d 61 2f ed 03 <67> 48 0f b9 3a e9 b3 fd ff ff 0f 0b eb e4 e8 5e cd 14 02 4c 89 c7\n[    9.582197] RSP: 0018:ffffc9000001f940 EFLAGS: 00010246\n[    9.582200] RAX: dffffc0000000000 RBX: 1ffff92000003f2b RCX: 1ffff110200d806c\n[    9.582201] RDX: ffff8881006c0360 RSI: 0000000000000004 RDI: ffffffff9bc7b460\n[    9.582202] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff3a62324\n[    9.582203] R10: ffffffff9d311923 R11: 0000000000000000 R12: ffffea0004001b00\n[    9.582204] R13: 0000000000002000 R14: ffffea0000000000 R15: ffff8881006c0360\n[    9.582206] FS:  00007ffbbcf2d940(0000) GS:ffff888450479000(0000) knlGS:0000000000000000\n[    9.582208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    9.582210] CR2: 000055ee3aa260d0 CR3: 0000000148b67005 CR4: 0000000000770ef0\n[    9.582211] PKRU: 55555554\n[    9.582212] Call Trace:\n[    9.582213]  <TASK>\n[    9.582214]  ? __pfx___pgalloc_tag_sub+0x10/0x10\n[    9.582216]  ? check_bytes_and_report+0x68/0x140\n[    9.582219]  __free_frozen_pages+0x2e4/0x1150\n[    9.582221]  ? __free_slab+0xc2/0x2b0\n[    9.582224]  qlist_free_all+0x4c/0xf0\n[    9.582227]  kasan_quarantine_reduce+0x15d/0x180\n[    9.582229]  __kasan_slab_alloc+0x69/0x90\n[    9.582232]  kmem_cache_alloc_noprof+0x14a/0x500\n[    9.582234]  do_getname+0x96/0x310\n[    9.582237]  do_readlinkat+0x91/0x2f0\n[    9.582239]  ? __pfx_do_readlinkat+0x10/0x10\n[    9.582240]  ? get_random_bytes_user+0x1df/0x2c0\n[    9.582244]  __x64_sys_readlinkat+0x96/0x100\n[    9.582246]  do_syscall_64+0xce/0x650\n[    9.582250]  ? __x64_sys_getrandom+0x13a/0x1e0\n[    9.582252]  ? __pfx___x64_sys_getrandom+0x10/0x10\n[    9.582254]  ? do_syscall_64+0x114/0x650\n[    9.582255]  ? ksys_read+0xfc/0x1d0\n[    9.582258]  ? __pfx_ksys_read+0x10/0x10\n[    9.582260]  ? do_syscall_64+0x114/0x650\n[    9.582262]  ? do_syscall_64+0x114/0x650\n[    9.582264]  ? __pfx_fput_close_sync+0x10/0x10\n[    9.582266]  ? file_close_fd_locked+0x178/0x2a0\n[    9.582268]  ? __x64_sys_faccessat2+0x96/0x100\n[    9.582269]  ? __x64_sys_close+0x7d/0xd0\n[    9.582271]  ? do_syscall_64+0x114/0x650\n[    9.582273]  ? do_syscall_64+0x114/0x650\n[    9.582275]  ? clear_bhb_loop+0x50/0xa0\n[    9.582277]  ? clear_bhb_l\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/alloc_tag.h","include/linux/pgalloc_tag.h","lib/alloc_tag.c","mm/page_alloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"dcfe378c81f72f146890ce1dcfdcc742d3b66924","lessThan":"d5b495ba9de0423ef39f8bd86729a885870c7efe","versionType":"git","status":"affected"},{"version":"dcfe378c81f72f146890ce1dcfdcc742d3b66924","lessThan":"b49dfabc38cad5e50af24f63edd124a10de3ebb6","versionType":"git","status":"affected"},{"version":"dcfe378c81f72f146890ce1dcfdcc742d3b66924","lessThan":"6b1842775a460245e97d36d3a67d0cfba7c4ff79","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/linux/alloc_tag.h","include/linux/pgalloc_tag.h","lib/alloc_tag.c","mm/page_alloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.18.27","matchCriteriaId":"FAA9520C-4C1E-4B89-8A00-A5CB96EE5740"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6b1842775a460245e97d36d3a67d0cfba7c4ff79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b49dfabc38cad5e50af24f63edd124a10de3ebb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5b495ba9de0423ef39f8bd86729a885870c7efe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46280","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.683","lastModified":"2026-07-08T15:01:43.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib: test_hmm: evict device pages on file close to avoid use-after-free\n\nPatch series \"Minor hmm_test fixes and cleanups\".\n\nTwo bugfixes a cleanup for the HMM kernel selftests.  These were mostly\nreported by Zenghui Yu with special thanks to Lorenzo for analysing and\npointing out the problems.\n\n\nThis patch (of 3):\n\nWhen dmirror_fops_release() is called it frees the dmirror struct but\ndoesn't migrate device private pages back to system memory first.  This\nleaves those pages with a dangling zone_device_data pointer to the freed\ndmirror.\n\nIf a subsequent fault occurs on those pages (eg.  during coredump) the\ndmirror_devmem_fault() callback dereferences the stale pointer causing a\nkernel panic.  This was reported [1] when running mm/ksft_hmm.sh on arm64,\nwhere a test failure triggered SIGABRT and the resulting coredump walked\nthe VMAs faulting in the stale device private pages.\n\nFix this by calling dmirror_device_evict_chunk() for each devmem chunk in\ndmirror_fops_release() to migrate all device private pages back to system\nmemory before freeing the dmirror struct.  The function is moved earlier\nin the file to avoid a forward declaration."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["lib/test_hmm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"234071b4318feaeb27cd2e4e1b16ef6b055adf89","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"bf477abd448c76bb8ea51c9b4f63a3a17c4b6239","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"5846715b6382dd4c6a69b35a56ca6115d33bc2a0","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"38f113f81d3f0adc658a4475dd3ecaec985e21d3","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"9de1eb0aac2862d6144b8db0ec1388e79f8bc3e1","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"744dd97752ef1076a8d8672bb0d8aa2c7abc1144","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["lib/test_hmm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.1.176","matchCriteriaId":"3119E417-9FF5-4E06-9321-6696E979BECA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/234071b4318feaeb27cd2e4e1b16ef6b055adf89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/38f113f81d3f0adc658a4475dd3ecaec985e21d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5846715b6382dd4c6a69b35a56ca6115d33bc2a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/744dd97752ef1076a8d8672bb0d8aa2c7abc1144","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9de1eb0aac2862d6144b8db0ec1388e79f8bc3e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf477abd448c76bb8ea51c9b4f63a3a17c4b6239","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46281","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.817","lastModified":"2026-07-08T15:20:22.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmalloc: fix buffer overflow in vrealloc_node_align()\n\nCommit 4c5d3365882d (\"mm/vmalloc: allow to set node and align in\nvrealloc\") added the ability to force a new allocation if the current\npointer is on the wrong NUMA node, or if an alignment constraint is not\nmet, even if the user is shrinking the allocation.\n\nOn this path (need_realloc), the code allocates a new object of 'size'\nbytes and then memcpy()s 'old_size' bytes into it.  If the request is to\nshrink the object (size < old_size), this results in an out-of-bounds\nwrite on the new buffer.\n\nFix this by bounding the copy length by the new allocation size."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4c5d3365882dbbc0784688784904f440d7a4c0f1","lessThan":"e9b057a44deff4c59c13f44672a5cc74dcd57522","versionType":"git","status":"affected"},{"version":"4c5d3365882dbbc0784688784904f440d7a4c0f1","lessThan":"b281adf71f786c325eb6d6d1582d4d05313438a8","versionType":"git","status":"affected"},{"version":"4c5d3365882dbbc0784688784904f440d7a4c0f1","lessThan":"82d1f01292d3f09bf063f829f8ab8de12b4280a1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.27","matchCriteriaId":"1A10DA86-4154-4102-9D63-807CF10A4352"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/82d1f01292d3f09bf063f829f8ab8de12b4280a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b281adf71f786c325eb6d6d1582d4d05313438a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9b057a44deff4c59c13f44672a5cc74dcd57522","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46282","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.940","lastModified":"2026-07-08T15:12:16.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: frequency: admv1013: fix NULL pointer dereference on str\n\nWhen device_property_read_string() fails, str is left uninitialized\nbut the code falls through to strcmp(str, ...), dereferencing a garbage\npointer. Replace manual read/strcmp with\ndevice_property_match_property_string() and consolidate the SE mode\nenums into a single sequential enum, mapping to hardware register\nvalues via a switch consistent with other bitfields in the driver.\n\nSeveral cleanup patches have been applied to this driver recently so\nthis will need a manual backport."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iio/frequency/admv1013.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"3a9d8ec2051c2d80158ed7bded5e158c42870037","versionType":"git","status":"affected"},{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac","versionType":"git","status":"affected"},{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"2dc8d26690bf4e7226409563221c37bc095c94ff","versionType":"git","status":"affected"},{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"aac0a51b16700b403a55b67ba495de021db78763","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iio/frequency/admv1013.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.86","matchCriteriaId":"E9F33D27-F3AA-49EF-8A71-D0AA86C50602"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2dc8d26690bf4e7226409563221c37bc095c94ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3a9d8ec2051c2d80158ed7bded5e158c42870037","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aac0a51b16700b403a55b67ba495de021db78763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46283","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:46.063","lastModified":"2026-07-08T15:11:08.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Use kfree_sensitive() to free auth session in tpm_dev_release()\n\ntpm_dev_release() uses plain kfree() to free chip->auth, which contains\nsensitive cryptographic material including HMAC session keys, nonces,\nand passphrase data (struct tpm2_auth).\n\nEvery other code path that frees this structure uses kfree_sensitive()\nto zero the memory before releasing it: both tpm2_end_auth_session()\nand tpm_buf_check_hmac_response() do so. The tpm_dev_release() path\nis the only one that does not, leaving key material in freed slab\nmemory until it is eventually overwritten.\n\nUse kfree_sensitive() for consistency with the rest of the driver and\nto ensure session keys are scrubbed during device teardown."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/tpm/tpm-chip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"dd3ac52ea7a001406c7dbc663aae4b9f89da679a","versionType":"git","status":"affected"},{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"53e6d2d834df40960b655b353e7a8ff4d927e1c7","versionType":"git","status":"affected"},{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"84ced03172da544c9f8c0862faad48104f519352","versionType":"git","status":"affected"},{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"c424d2664f08c77f08b4580b5f0cbaabf7c229b2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/tpm/tpm-chip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.86","matchCriteriaId":"DE217E72-2117-418C-97F0-213685E36DC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7a8ff4d927e1c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faad48104f519352","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0cbaabf7c229b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aae4b9f89da679a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46291","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.357","lastModified":"2026-07-08T15:21:30.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - guard HMAC key hex dumps in hash_digest_key\n\nUse print_hex_dump_devel() for dumping sensitive HMAC key bytes in\nhash_digest_key() to avoid leaking secrets at runtime when\nCONFIG_DYNAMIC_DEBUG is enabled."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/caam/caamalg_qi2.c","drivers/crypto/caam/caamhash.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"e8e72fdf47bd5ef7abe642b034c6178a61a8580a","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"cd849c07b8d706425e60a4dfcef54b7b67c967ce","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"a9207798fe619cbc85c8744a9b9e2af1db2b6e1a","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"2adbfca7452eeac45117b8e803288a2767f7075f","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"c7e52fe3f7901ccb9cd29b3f7c683d809ba87e48","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"5cffe3c136891aa4d579bf5c079a68f7cb371b0c","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"b8f12d9b00c1950779e5679b9c13908584682bb6","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"177730a273b18e195263ed953853273e901b5064","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/caam/caamalg_qi2.c","drivers/crypto/caam/caamhash.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.6","status":"affected"},{"version":"0","lessThan":"3.6","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.259","matchCriteriaId":"721E2892-A2C4-43EA-B05D-A638043DE3DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/177730a273b18e195263ed953853273e901b5064","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2adbfca7452eeac45117b8e803288a2767f7075f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5cffe3c136891aa4d579bf5c079a68f7cb371b0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9207798fe619cbc85c8744a9b9e2af1db2b6e1a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b8f12d9b00c1950779e5679b9c13908584682bb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7e52fe3f7901ccb9cd29b3f7c683d809ba87e48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd849c07b8d706425e60a4dfcef54b7b67c967ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8e72fdf47bd5ef7abe642b034c6178a61a8580a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46298","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.280","lastModified":"2026-07-08T14:49:04.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Fix race with interrupt handler\n\nWhile executing ->ioctl handler or ->release handler, if an interrupt\nfires on the same cpu, then we can enter into a deadlock.\n\nThis patch fixes both these handlers to take spin_lock_irq{save|restore}\nversions of the lock to prevent this deadlock."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/platforms/pseries/papr-hvpipe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"814ef095f12c9fa142043ee689500f3a41bb6dab","lessThan":"342c966f81cfc3cb6c297e80b37a9f3a5d637d2c","versionType":"git","status":"affected"},{"version":"814ef095f12c9fa142043ee689500f3a41bb6dab","lessThan":"7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/platforms/pseries/papr-hvpipe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"7.0.7","matchCriteriaId":"B6254F94-5978-493F-9B48-7613CD207BD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/342c966f81cfc3cb6c297e80b37a9f3a5d637d2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46299","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.393","lastModified":"2026-07-08T14:48:53.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix held lock freed on hfsplus_fill_super()\n\nhfsplus_fill_super() calls hfs_find_init() to initialize a search\nstructure, which acquires tree->tree_lock. If the subsequent call to\nhfsplus_cat_build_key() fails, the function jumps to the out_put_root\nerror label without releasing the lock. The later cleanup path then\nfrees the tree data structure with the lock still held, triggering a\nheld lock freed warning.\n\nFix this by adding the missing hfs_find_exit(&fd) call before jumping\nto the out_put_root error label. This ensures that tree->tree_lock is\nproperly released on the error path.\n\nThe bug was originally detected on v6.13-rc1 using an experimental\nstatic analysis tool we are developing, and we have verified that the\nissue persists in the latest mainline kernel. The tool is specifically\ndesigned to detect memory management issues. It is currently under active\ndevelopment and not yet publicly available.\n\nWe confirmed the bug by runtime testing under QEMU with x86_64 defconfig,\nlockdep enabled, and CONFIG_HFSPLUS_FS=y. To trigger the error path, we\nused GDB to dynamically shrink the max_unistr_len parameter to 1 before\nhfsplus_asc2uni() is called. This forces hfsplus_asc2uni() to naturally\nreturn -ENAMETOOLONG, which propagates to hfsplus_cat_build_key() and\nexercises the faulty error path. The following warning was observed\nduring mount:\n\n\t=========================\n\tWARNING: held lock freed!\n\t7.0.0-rc3-00016-gb4f0dd314b39 #4 Not tainted\n\t-------------------------\n\tmount/174 is freeing memory ffff888103f92000-ffff888103f92fff, with a lock still held there!\n\tffff888103f920b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x154/0x1e0\n\t2 locks held by mount/174:\n\t#0: ffff888103f960e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super.constprop.0+0x167/0xa40\n\t#1: ffff888103f920b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x154/0x1e0\n\n\tstack backtrace:\n\tCPU: 2 UID: 0 PID: 174 Comm: mount Not tainted 7.0.0-rc3-00016-gb4f0dd314b39 #4 PREEMPT(lazy)\n\tHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n\tCall Trace:\n\t<TASK>\n\tdump_stack_lvl+0x82/0xd0\n\tdebug_check_no_locks_freed+0x13a/0x180\n\tkfree+0x16b/0x510\n\t? hfsplus_fill_super+0xcb4/0x18a0\n\thfsplus_fill_super+0xcb4/0x18a0\n\t? __pfx_hfsplus_fill_super+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? bdev_open+0x65f/0xc30\n\t? srso_return_thunk+0x5/0x5f\n\t? pointer+0x4ce/0xbf0\n\t? trace_contention_end+0x11c/0x150\n\t? __pfx_pointer+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? bdev_open+0x79b/0xc30\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? vsnprintf+0x6da/0x1270\n\t? srso_return_thunk+0x5/0x5f\n\t? __mutex_unlock_slowpath+0x157/0x740\n\t? __pfx_vsnprintf+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? mark_held_locks+0x49/0x80\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? irqentry_exit+0x17b/0x5e0\n\t? trace_irq_disable.constprop.0+0x116/0x150\n\t? __pfx_hfsplus_fill_super+0x10/0x10\n\t? __pfx_hfsplus_fill_super+0x10/0x10\n\tget_tree_bdev_flags+0x302/0x580\n\t? __pfx_get_tree_bdev_flags+0x10/0x10\n\t? vfs_parse_fs_qstr+0x129/0x1a0\n\t? __pfx_vfs_parse_fs_qstr+0x3/0x10\n\tvfs_get_tree+0x89/0x320\n\tfc_mount+0x10/0x1d0\n\tpath_mount+0x5c5/0x21c0\n\t? __pfx_path_mount+0x10/0x10\n\t? trace_irq_enable.constprop.0+0x116/0x150\n\t? trace_irq_enable.constprop.0+0x116/0x150\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? kmem_cache_free+0x307/0x540\n\t? user_path_at+0x51/0x60\n\t? __x64_sys_mount+0x212/0x280\n\t? srso_return_thunk+0x5/0x5f\n\t__x64_sys_mount+0x212/0x280\n\t? __pfx___x64_sys_mount+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? trace_irq_enable.constprop.0+0x116/0x150\n\t? srso_return_thunk+0x5/0x5f\n\tdo_syscall_64+0x111/0x680\n\tentry_SYSCALL_64_after_hwframe+0x77/0x7f\n\tRIP: 0033:0x7ffacad55eae\n\tCode: 48 8b 0d 85 1f 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 8\n\tRSP: 002b\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/hfsplus/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"e890656accee4c26d932ea388eb8936a6e22184d","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"6499c9c8ec437a369e7e221dad91f6122b50759d","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"c554ddc87af4d4e4be42f8aed1baec9e1c7588e0","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"3ca80e3012c8be85b4f8d0d20eac8d3b17ff257e","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"041acda6d9f96006703466449c10c9a69590c8b9","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"d309d3308de658d87c42d97e044c89a226327526","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"bfbcce6a7b0552a390620d9b2c4d2bcb1825cbdc","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"90c500e4fd83fa33c09bc7ee23b6d9cc487ac733","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/hfsplus/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.19","status":"affected"},{"version":"0","lessThan":"3.19","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"5.10.259","matchCriteriaId":"B7671B6F-58A3-4C86-AD1F-9A93A153C5C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/041acda6d9f96006703466449c10c9a69590c8b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3ca80e3012c8be85b4f8d0d20eac8d3b17ff257e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6499c9c8ec437a369e7e221dad91f6122b50759d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90c500e4fd83fa33c09bc7ee23b6d9cc487ac733","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfbcce6a7b0552a390620d9b2c4d2bcb1825cbdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c554ddc87af4d4e4be42f8aed1baec9e1c7588e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d309d3308de658d87c42d97e044c89a226327526","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e890656accee4c26d932ea388eb8936a6e22184d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46301","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.560","lastModified":"2026-07-08T14:48:44.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: topcliff-pch: fix use-after-free on unbind\n\nGive the driver a chance to flush its queue before releasing the DMA\nbuffers on driver unbind"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/spi/spi-topcliff-pch.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"43334836b907adc21eab3079d2e6b26754468786","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"36e58c436d2c2a797800427dc04d74ffd8b6ce1c","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"4ca90deeca1c7dd72c1c380ba8143565516def2d","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"d79e92161b65832e0b8cad5f3d84d17e5cd7a970","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"8822980668c96b5aa251c1e2daec1873262b8f3f","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"d50ef3553acbacce6f2843304d41d06dca358bb6","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"0e8e57f9737ea257634db1d152fc430a0788a3e1","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"9d72732fe70c11424bc90ed466c7ccfa58b42a9a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/spi/spi-topcliff-pch.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.258","matchCriteriaId":"B5F925AF-0571-45EB-B3C7-3046B450381F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e8e57f9737ea257634db1d152fc430a0788a3e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36e58c436d2c2a797800427dc04d74ffd8b6ce1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/43334836b907adc21eab3079d2e6b26754468786","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ca90deeca1c7dd72c1c380ba8143565516def2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8822980668c96b5aa251c1e2daec1873262b8f3f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9d72732fe70c11424bc90ed466c7ccfa58b42a9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d50ef3553acbacce6f2843304d41d06dca358bb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d79e92161b65832e0b8cad5f3d84d17e5cd7a970","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46302","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.707","lastModified":"2026-07-08T14:48:36.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: allow multiple opens of /sys/fs/selinux/policy\n\nCurrently there can only be a single open of /sys/fs/selinux/policy at\nany time. This allows any process to block any other process from\nreading the kernel policy. The original motivation seems to have been\na mix of preventing an inconsistent view of the policy size and\npreventing userspace from allocating kernel memory without bound, but\nthis is arguably equally bad. Eliminate the policy_opened flag and\nshrink the critical section that the policy mutex is held. While we\nare making changes here, drop a couple of extraneous BUG_ONs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/selinux/selinuxfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cee74f47a6baba0ac457e87687fdcf0abd599f0a","lessThan":"714362f3779dfa453a78ced32396a72726962a41","versionType":"git","status":"affected"},{"version":"cee74f47a6baba0ac457e87687fdcf0abd599f0a","lessThan":"a02cd6805562305f936e807da83e253b719dd965","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/selinux/selinuxfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.37","status":"affected"},{"version":"0","lessThan":"2.6.37","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37","versionEndExcluding":"7.0.7","matchCriteriaId":"DA80713D-F193-4E13-A301-ABB21A01CE03"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/714362f3779dfa453a78ced32396a72726962a41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a02cd6805562305f936e807da83e253b719dd965","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46303","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.853","lastModified":"2026-07-08T14:48:22.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: validate Rock Ridge CE continuation extent against volume size\n\nrock_continue() reads rs->cont_extent verbatim from the Rock Ridge CE\nrecord and passes it to sb_bread() without checking that the block\nnumber is within the mounted ISO 9660 volume.  commit e595447e177b\n(\"[PATCH] rock.c: handle corrupted directories\") added cont_offset\nand cont_size rejection for the CE continuation but did not validate\nthe extent block number itself.  commit f54e18f1b831 (\"isofs: Fix\ninfinite looping over CE entries\") later capped the CE chain length\nat RR_MAX_CE_ENTRIES = 32 but again left the block number unchecked.\n\nWith a crafted ISO mounted via udisks2 (desktop optical auto-mount)\nor via CAP_SYS_ADMIN mount, rs->cont_extent can therefore point at\nan out-of-range block or at blocks belonging to an adjacent\nfilesystem on the same block device.  sb_bread() on an out-of-range\nblock returns NULL cleanly via the block layer EIO path, so there\nis no memory-safety violation.  For in-range reads of adjacent-\nfilesystem data, the CE buffer is parsed as Rock Ridge records and\nonly the text of SL sub-records reaches userspace through\nreadlink(), which makes the info-leak channel narrow and difficult\nto exploit; still, rejecting the malformed CE outright matches the\nrejection shape already present in the same function for\ncont_offset and cont_size.\n\nAdd an ISOFS_SB(sb)->s_nzones bounds check to rock_continue() next\nto the existing offset/size rejection, printing the same\ncorrupted-directory-entry notice."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/isofs/rock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"8356fb821016797f5677cbeee5ddc0d32a95b4be","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"d582e12378bc1637f337622feef762f53c43fd57","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"bf1bc673c587f5ef7e9c09b94aea7c5a7847d4d9","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"c9b37c8b73f6368e4750e5ccb0632c380b43c6e5","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"22b36fa081f38ab397c7697f9d539211b51a0cfc","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"e69da8eeab74b4f4505024c38a17bce060fe7df8","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"ef048470c90bc8c1b8318bb2ce329da9ef64b9fe","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"a36d990f591320e9dd379ab30063ebfe91d47e1f","versionType":"git","status":"affected"},{"version":"08313e26e06d4aa9ce1cbba1a8e359e9cab9ad56","versionType":"git","status":"affected"},{"version":"212c4d33ca83e2144064fe9c2911607fbed5386f","versionType":"git","status":"affected"},{"version":"96e44adce250199ec9b2b928be66365779ff1b59","versionType":"git","status":"affected"},{"version":"1fe5620fcd6c2f0a4a927ee10c8e53196da392f3","versionType":"git","status":"affected"},{"version":"fbce0d7dc8965c9fb8d411862040239d4a768c71","versionType":"git","status":"affected"},{"version":"8190393a88f2b0321263a54f2a9eb5a2aa43be7e","versionType":"git","status":"affected"},{"version":"486aa789eadcf44ed87f972b209299c516454693","versionType":"git","status":"affected"},{"version":"b6d20edb6e7cedb4eedb9e0193d20dd488ebae84","versionType":"git","status":"affected"},{"version":"2.6.32.66","lessThan":"2.6.33","versionType":"semver","status":"affected"},{"version":"3.2.67","lessThan":"3.3","versionType":"semver","status":"affected"},{"version":"3.4.107","lessThan":"3.5","versionType":"semver","status":"affected"},{"version":"3.10.64","lessThan":"3.11","versionType":"semver","status":"affected"},{"version":"3.12.36","lessThan":"3.13","versionType":"semver","status":"affected"},{"version":"3.14.28","lessThan":"3.15","versionType":"semver","status":"affected"},{"version":"3.17.8","lessThan":"3.18","versionType":"semver","status":"affected"},{"version":"3.18.2","lessThan":"3.19","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/isofs/rock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.19","status":"affected"},{"version":"0","lessThan":"3.19","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32.66","versionEndExcluding":"2.6.33","matchCriteriaId":"AE79466A-8004-4545-9F2B-9AE61FF25E49"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.67","versionEndExcluding":"3.3","matchCriteriaId":"E339763B-0FFB-4F77-925F-B75B0574196F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.107","versionEndExcluding":"3.5","matchCriteriaId":"5D756A04-79C7-4DB6-9A50-9E8E5B2757F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.64","versionEndExcluding":"3.11","matchCriteriaId":"2B3FB946-FA61-41D1-8295-A7D889D63B3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.36","versionEndExcluding":"3.13","matchCriteriaId":"881E140A-B761-4577-B10F-CF48988916FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.28","versionEndExcluding":"3.15","matchCriteriaId":"BA5F1F71-BA36-4EC2-A59D-E285C9983115"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17.8","versionEndExcluding":"3.18","matchCriteriaId":"1743B4F8-1859-415F-9EB5-A33C53ABCD2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.2","versionEndExcluding":"5.10.258","matchCriteriaId":"5C5C08E2-8006-4964-BA58-B339247E1301"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/22b36fa081f38ab397c7697f9d539211b51a0cfc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8356fb821016797f5677cbeee5ddc0d32a95b4be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a36d990f591320e9dd379ab30063ebfe91d47e1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf1bc673c587f5ef7e9c09b94aea7c5a7847d4d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9b37c8b73f6368e4750e5ccb0632c380b43c6e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d582e12378bc1637f337622feef762f53c43fd57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e69da8eeab74b4f4505024c38a17bce060fe7df8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef048470c90bc8c1b8318bb2ce329da9ef64b9fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46304","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.053","lastModified":"2026-07-08T14:48:12.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free\n\nnvmet_tcp_release_queue_work() runs on nvmet-wq and can drop the\nfinal controller reference through nvmet_cq_put(). If that triggers\nnvmet_ctrl_free(), the teardown path flushes ctrl->async_event_work on\nthe same nvmet-wq.\n\nCall chain:\n\n nvmet_tcp_schedule_release_queue()\n   kref_put(&queue->kref, nvmet_tcp_release_queue)\n     nvmet_tcp_release_queue()\n       queue_work(nvmet_wq, &queue->release_work) <--- nvmet_wq\n         process_one_work()\n           nvmet_tcp_release_queue_work()\n             nvmet_cq_put(&queue->nvme_cq)\n               nvmet_cq_destroy()\n                 nvmet_ctrl_put(cq->ctrl)\n                   nvmet_ctrl_free()\n                     flush_work(&ctrl->async_event_work) <--- nvmet_wq\n\n                      Previously Scheduled by :-\n\t\t        nvmet_add_async_event\n\t\t          queue_work(nvmet_wq, &ctrl->async_event_work);\n\nThis trips lockdep with a possible recursive locking warning.\n\n[ 5223.015876] run blktests nvme/003 at 2026-04-07 20:53:55\n[ 5223.061801] loop0: detected capacity change from 0 to 2097152\n[ 5223.072206] nvmet: adding nsid 1 to subsystem blktests-subsystem-1\n[ 5223.088368] nvmet_tcp: enabling port 0 (127.0.0.1:4420)\n[ 5223.126086] nvmet: Created discovery controller 1 for subsystem nqn.2014-08.org.nvmexpress.discovery for NQN nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349.\n[ 5223.128453] nvme nvme1: new ctrl: NQN \"nqn.2014-08.org.nvmexpress.discovery\", addr 127.0.0.1:4420, hostnqn: nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349\n[ 5233.199447] nvme nvme1: Removing ctrl: NQN \"nqn.2014-08.org.nvmexpress.discovery\"\n\n[ 5233.227718] ============================================\n[ 5233.231283] WARNING: possible recursive locking detected\n[ 5233.234696] 7.0.0-rc3nvme+ #20 Tainted: G           O     N\n[ 5233.238434] --------------------------------------------\n[ 5233.241852] kworker/u192:6/2413 is trying to acquire lock:\n[ 5233.245429] ffff888111632548 ((wq_completion)nvmet-wq){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90\n[ 5233.251438]\n               but task is already holding lock:\n[ 5233.255254] ffff888111632548 ((wq_completion)nvmet-wq){+.+.}-{0:0}, at: process_one_work+0x5cc/0x6e0\n[ 5233.261125]\n               other info that might help us debug this:\n[ 5233.265333]  Possible unsafe locking scenario:\n\n[ 5233.269217]        CPU0\n[ 5233.270795]        ----\n[ 5233.272436]   lock((wq_completion)nvmet-wq);\n[ 5233.275241]   lock((wq_completion)nvmet-wq);\n[ 5233.278020]\n                *** DEADLOCK ***\n\n[ 5233.281793]  May be due to missing lock nesting notation\n\n[ 5233.286195] 3 locks held by kworker/u192:6/2413:\n[ 5233.289192]  #0: ffff888111632548 ((wq_completion)nvmet-wq){+.+.}-{0:0}, at: process_one_work+0x5cc/0x6e0\n[ 5233.294569]  #1: ffffc9000e2a7e40 ((work_completion)(&queue->release_work)){+.+.}-{0:0}, at: process_one_work+0x1c5/0x6e0\n[ 5233.300128]  #2: ffffffff82d7dc40 (rcu_read_lock){....}-{1:3}, at: __flush_work+0x62/0x530\n[ 5233.304290]\n               stack backtrace:\n[ 5233.306520] CPU: 4 UID: 0 PID: 2413 Comm: kworker/u192:6 Tainted: G           O     N  7.0.0-rc3nvme+ #20 PREEMPT(full)\n[ 5233.306524] Tainted: [O]=OOT_MODULE, [N]=TEST\n[ 5233.306525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014\n[ 5233.306527] Workqueue: nvmet-wq nvmet_tcp_release_queue_work [nvmet_tcp]\n[ 5233.306532] Call Trace:\n[ 5233.306534]  <TASK>\n[ 5233.306536]  dump_stack_lvl+0x73/0xb0\n[ 5233.306552]  print_deadlock_bug+0x225/0x2f0\n[ 5233.306556]  __lock_acquire+0x13f0/0x2290\n[ 5233.306563]  lock_acquire+0xd0/0x300\n[ 5233.306565]  ? touch_wq_lockdep_map+0x26/0x90\n[ 5233.306571]  ? __flush_work+0x20b/0x530\n[ 5233.306573]  ? touch_wq_lockdep_map+0x26/0x90\n[ 5233.306577]  touch_wq_lockdep_map+0x3b/0x90\n[ 5233.306580]  ? touch_wq_lockdep_map+0x26/0x90\n[ 52\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/nvme/target/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"ae5b0cad163833e10b271e9becc05d81dae56e5f","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"8d66ba89480ff098a58d79003a505f383aa4e920","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"a696fbbd5240b4ac9b166f7bd4c550882ff543f1","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"9a4d7222c0955b221e38bb66d10e6bccb672c8a1","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"ee6e20c4bc9eae542a0954a368449532383169d4","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"781f47d641432c26c19625b2cdd7f40825097592","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"551f445a56a11a6457550cddcf39c9ebb8bcacc6","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"aade8abd8b868b6ffa9697aadaea28ec7f65bee6","versionType":"git","status":"affected"},{"version":"3976dd677e891c0b2c63d08028d445663539472c","versionType":"git","status":"affected"},{"version":"4.9.68","lessThan":"4.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/nvme/target/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.68","versionEndExcluding":"4.10","matchCriteriaId":"F852DBF1-7260-4E35-8D25-C8F8EEF895D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.1","versionEndExcluding":"5.10.258","matchCriteriaId":"13B8D12A-AFCB-4D1D-8998-0A1CF5BCAC14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:-:*:*:*:*:*:*","matchCriteriaId":"C201E405-86F2-4F96-984A-00A865219C86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:rc6:*:*:*:*:*:*","matchCriteriaId":"09B6110F-7933-484D-AEAF-5D15FF38647E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:rc7:*:*:*:*:*:*","matchCriteriaId":"75694C52-0ADF-45EC-80AC-D973535B5CB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:rc8:*:*:*:*:*:*","matchCriteriaId":"29F29665-6B16-4D9F-A417-D0743395DF01"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/551f445a56a11a6457550cddcf39c9ebb8bcacc6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/781f47d641432c26c19625b2cdd7f40825097592","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d66ba89480ff098a58d79003a505f383aa4e920","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a4d7222c0955b221e38bb66d10e6bccb672c8a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a696fbbd5240b4ac9b166f7bd4c550882ff543f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aade8abd8b868b6ffa9697aadaea28ec7f65bee6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae5b0cad163833e10b271e9becc05d81dae56e5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee6e20c4bc9eae542a0954a368449532383169d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46305","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.253","lastModified":"2026-07-08T14:47:58.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc\n\nThe return value of kzalloc_flex() is used without\nensuring that the allocation succeeded, and the\npointer is dereferenced unconditionally.\n\nGuard the access to the allocated structure to\navoid a potential NULL pointer dereference if the\nallocation fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/staging/rtl8723bs/os_dep/osdep_service.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"980cd426a25747daf8ed25e2a1904b2d26ffbb3d","lessThan":"0a5f411becfb7c57aa89827213d31ef23a03d75a","versionType":"git","status":"affected"},{"version":"980cd426a25747daf8ed25e2a1904b2d26ffbb3d","lessThan":"bc851db06045a40c18233dd76ef0562d7f8bb6db","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/staging/rtl8723bs/os_dep/osdep_service.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.7","matchCriteriaId":"FD366C5A-E83E-40D3-BB82-BD3DEB7815B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a5f411becfb7c57aa89827213d31ef23a03d75a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc851db06045a40c18233dd76ef0562d7f8bb6db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46306","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.383","lastModified":"2026-07-08T14:47:47.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nflow_dissector: do not dissect PPPoE PFC frames\n\nRFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT\nRECOMMENDED for PPPoE. In practice, pppd does not support negotiating\nPFC for PPPoE sessions, and the flow dissector driver has assumed an\nuncompressed frame until the blamed commit.\n\nDuring the review process of that commit [1], support for PFC is\nsuggested. However, having a compressed (1-byte) protocol field means\nthe subsequent PPP payload is shifted by one byte, causing 4-byte\nmisalignment for the network header and an unaligned access exception\non some architectures.\n\nThe exception can be reproduced by sending a PPPoE PFC frame to an\nethernet interface of a MIPS board, with RPS enabled, even if no PPPoE\nsession is active on that interface:\n\n$ 0   : 00000000 80c40000 00000000 85144817\n$ 4   : 00000008 00000100 80a75758 81dc9bb8\n$ 8   : 00000010 8087ae2c 0000003d 00000000\n$12   : 000000e0 00000039 00000000 00000000\n$16   : 85043240 80a75758 81dc9bb8 00006488\n$20   : 0000002f 00000007 85144810 80a70000\n$24   : 81d1bda0 00000000\n$28   : 81dc8000 81dc9aa8 00000000 805ead08\nHi    : 00009d51\nLo    : 2163358a\nepc   : 805e91f0 __skb_flow_dissect+0x1b0/0x1b50\nra    : 805ead08 __skb_get_hash_net+0x74/0x12c\nStatus: 11000403        KERNEL EXL IE\nCause : 40800010 (ExcCode 04)\nBadVA : 85144817\nPrId  : 0001992f (MIPS 1004Kc)\nCall Trace:\n[<805e91f0>] __skb_flow_dissect+0x1b0/0x1b50\n[<805ead08>] __skb_get_hash_net+0x74/0x12c\n[<805ef330>] get_rps_cpu+0x1b8/0x3fc\n[<805fca70>] netif_receive_skb_list_internal+0x324/0x364\n[<805fd120>] napi_complete_done+0x68/0x2a4\n[<8058de5c>] mtk_napi_rx+0x228/0xfec\n[<805fd398>] __napi_poll+0x3c/0x1c4\n[<805fd754>] napi_threaded_poll_loop+0x234/0x29c\n[<805fd848>] napi_threaded_poll+0x8c/0xb0\n[<80053544>] kthread+0x104/0x12c\n[<80002bd8>] ret_from_kernel_thread+0x14/0x1c\n\nCode: 02d51821  1060045b  00000000 <8c640000> 3084000f  2c820005  144001a2  00042080  8e220000\n\nTo reduce the attack surface and maintain performance, do not process\nPPPoE PFC frames.\n\n[1] https://lore.kernel.org/r/20220630231016.GA392@debian.home"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/flow_dissector.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"10f665b52a75df6eb26ddebbbc072ee264183731","lessThan":"e7c811ca372d53c2be7d01a1614e71fae1054836","versionType":"git","status":"affected"},{"version":"d7e541e86122d21f71eb71c5dfa7fb1eb6623fe8","lessThan":"abc5bc84e0f2edc7ea2d437afa6ef3fe1fc43200","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"18ae9eacfc95cc715c0606b2c86e8aa8a86cf3e3","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"db104b0d8a7856397c0469d83a4289adf7c54863","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"6044392d9cace3a3672b02c8bc7d38b502e51734","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"0d00b9015069712944934bab09eaa6c542143049","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"7c93f353eab4ea911e394630f07d72e040a729d8","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"d6c19b31a3c1d519fabdcf0aa239e6b6109b9473","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/flow_dissector.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.175","matchCriteriaId":"58CA276A-38F2-4887-9AE9-787C2AF59753"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0d00b9015069712944934bab09eaa6c542143049","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18ae9eacfc95cc715c0606b2c86e8aa8a86cf3e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6044392d9cace3a3672b02c8bc7d38b502e51734","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c93f353eab4ea911e394630f07d72e040a729d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/abc5bc84e0f2edc7ea2d437afa6ef3fe1fc43200","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6c19b31a3c1d519fabdcf0aa239e6b6109b9473","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db104b0d8a7856397c0469d83a4289adf7c54863","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7c811ca372d53c2be7d01a1614e71fae1054836","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46307","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.547","lastModified":"2026-07-08T14:47:35.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath5k: do not access array OOB\n\nVincent reports:\n> The ath5k driver seems to do an array-index-out-of-bounds access as\n> shown by the UBSAN kernel message:\n> UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath5k/base.c:1741:20\n> index 4 is out of range for type 'ieee80211_tx_rate [4]'\n> ...\n> Call Trace:\n>  <TASK>\n>  dump_stack_lvl+0x5d/0x80\n>  ubsan_epilogue+0x5/0x2b\n>  __ubsan_handle_out_of_bounds.cold+0x46/0x4b\n>  ath5k_tasklet_tx+0x4e0/0x560 [ath5k]\n>  tasklet_action_common+0xb5/0x1c0\n\nIt is real. 'ts->ts_final_idx' can be 3 on 5212, so:\n   info->status.rates[ts->ts_final_idx + 1].idx = -1;\nwith the array defined as:\n   struct ieee80211_tx_rate rates[IEEE80211_TX_MAX_RATES];\nwhile the size is:\n   #define IEEE80211_TX_MAX_RATES  4\nis indeed bogus.\n\nSet this 'idx = -1' sentinel only if the array index is less than the\narray size. As mac80211 will not look at rates beyond the size\n(IEEE80211_TX_MAX_RATES).\n\nNote: The effect of the OOB write is negligible. It just overwrites the\nnext member of info->status, i.e. ack_signal."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/ath/ath5k/base.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"ecb1c163166759dec004c1fdb9709b8a5992fc8e","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"9dd6aae4bc7bfa11088d928670a3315eae542769","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"744c19e266b0d2628c5951439195dcef27eadacf","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"83226c71af53fb9b3cad40cb9a9a79f36d68c020","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"d6869537013b1f21b292342752d97868b79b5934","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"e9f1081bc775146156def0dbc821b92f35d56afb","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"568173ad9bd0b46cc6cd937dea8791e9b5eefa57","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"d748603f12baff112caa3ab7d39f50100f010dbd","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/ath/ath5k/base.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.0","status":"affected"},{"version":"0","lessThan":"3.0","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.10.258","matchCriteriaId":"ADE9309F-1058-4BD7-8F94-3FE94CF5B8A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/568173ad9bd0b46cc6cd937dea8791e9b5eefa57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/744c19e266b0d2628c5951439195dcef27eadacf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83226c71af53fb9b3cad40cb9a9a79f36d68c020","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9dd6aae4bc7bfa11088d928670a3315eae542769","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6869537013b1f21b292342752d97868b79b5934","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d748603f12baff112caa3ab7d39f50100f010dbd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9f1081bc775146156def0dbc821b92f35d56afb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecb1c163166759dec004c1fdb9709b8a5992fc8e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46308","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.707","lastModified":"2026-07-08T14:47:18.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy()\n\nIn scpsys_get_bus_protection_legacy(), of_find_node_with_property()\nreturns a device node with its reference count incremented. The function\nthen calls of_node_put(node) before checking whether\nsyscon_regmap_lookup_by_phandle() returns an error. If an error occurs,\ndev_err_probe() dereferences the node pointer to print diagnostic\ninformation, but the node memory may have already been freed due to the\nearlier of_node_put(), leading to a use-after-free vulnerability.\n\nFix this by moving the of_node_put() call after the error check, ensuring\nthe node is still valid when accessed in the error path."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pmdomain/mediatek/mtk-pm-domains.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c29345fa5f66bea0790cf2219f57b974d4fc177b","lessThan":"cb27e43c0511e9e1ca8818d231656070b11c18cf","versionType":"git","status":"affected"},{"version":"c29345fa5f66bea0790cf2219f57b974d4fc177b","lessThan":"38d8410021b55d226847b2ac8d189d89fe5a8866","versionType":"git","status":"affected"},{"version":"c29345fa5f66bea0790cf2219f57b974d4fc177b","lessThan":"ec1fcddb3117d9452210e838fd37389ee61e10e8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pmdomain/mediatek/mtk-pm-domains.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.30","matchCriteriaId":"9EB9FADE-E22F-41C2-9790-4F5564D59E62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/38d8410021b55d226847b2ac8d189d89fe5a8866","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb27e43c0511e9e1ca8818d231656070b11c18cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec1fcddb3117d9452210e838fd37389ee61e10e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46309","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.820","lastModified":"2026-07-08T14:52:28.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise\n\nAdd validation in xe_vm_madvise_ioctl() to reject PAT indices with\nXE_COH_NONE coherency mode when applied to CPU cached memory.\n\nUsing coh_none with CPU cached buffers is a security issue. When the\nkernel clears pages before reallocation, the clear operation stays in\nCPU cache (dirty). GPU with coh_none can bypass CPU caches and read\nstale sensitive data directly from DRAM, potentially leaking data from\npreviously freed pages of other processes.\n\nThis aligns with the existing validation in vm_bind path\n(xe_vm_bind_ioctl_validate_bo).\n\nv2(Matthew brost)\n- Add fixes\n- Move one debug print to better place\n\nv3(Matthew Auld)\n- Should be drm/xe/uapi\n- More Cc\n\nv4(Shuicheng Lin)\n- Fix kmem leak issues by the way\n\nv5\n- Remove kmem leak because it has been merged by another patch\n\nv6\n- Remove the fix which is not related to current fix\n\nv7\n- No change\n\nv8\n- Rebase\n\nv9\n- Limit the restrictions to iGPU\n\nv10\n- No change\n\n(cherry picked from commit 016ccdb674b8c899940b3944952c96a6a490d10a)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/xe/xe_vm_madvise.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ada7486c5668db542a7d361268df931aca5b726a","lessThan":"87f9b1528e1ffc1da3615d552c9a06aba5e20b00","versionType":"git","status":"affected"},{"version":"ada7486c5668db542a7d361268df931aca5b726a","lessThan":"fea04cf6f2345bc50f15b6638906c35962b89424","versionType":"git","status":"affected"},{"version":"ada7486c5668db542a7d361268df931aca5b726a","lessThan":"4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/xe/xe_vm_madvise.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.32","matchCriteriaId":"C29FBB84-11C5-4598-8812-17C64D98F7F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87f9b1528e1ffc1da3615d552c9a06aba5e20b00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fea04cf6f2345bc50f15b6638906c35962b89424","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-46309","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486468","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46309.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46310","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.943","lastModified":"2026-07-08T14:51:33.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: renesas: vsp1: Fix NULL pointer deref on module unload\n\nWhen unloading the module on gen 4, we hit a NULL pointer dereference.\nThis is caused by the cleanup code calling vsp1_drm_cleanup() where it\nshould be calling vsp1_vspx_cleanup().\n\nFix this by checking the IP version and calling the drm or vspx function\naccordingly, the same way as the init code does."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/platform/renesas/vsp1/vsp1_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d06c1a9f348d22478c6bc5684f9c990e15ada1e9","lessThan":"bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98","versionType":"git","status":"affected"},{"version":"d06c1a9f348d22478c6bc5684f9c990e15ada1e9","lessThan":"c4bb1515b26663e5230603892e67f2cc7df9f0ca","versionType":"git","status":"affected"},{"version":"d06c1a9f348d22478c6bc5684f9c990e15ada1e9","lessThan":"58b1e9664d8f74d55d8411cc7a7b275a76a6f24f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/platform/renesas/vsp1/vsp1_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.32","matchCriteriaId":"AB70B664-FBEC-44D2-8EE3-2EC62F0006A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4bb1515b26663e5230603892e67f2cc7df9f0ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46311","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.053","lastModified":"2026-07-08T14:51:25.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: fix access to stale wptr mapping\n\nUse drm_exec to take both locks i.e vm root bo and\nwptr_obj bo to access the mapping data properly.\n\nThis fixes the security issue of unmap the wptr_obj while\na queue creation is in progress and passing other\nbo at same address.\n\n(cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdgpu/mes_userqueue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5fb2f7fc21a3668e5794cc0d153641b9719713e1","lessThan":"336a9186f3a4b65bbd865d93936605ac8a1a3991","versionType":"git","status":"affected"},{"version":"5fb2f7fc21a3668e5794cc0d153641b9719713e1","lessThan":"6da7b1242da4455b11c24ce667d1cab1a348c8ea","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdgpu/mes_userqueue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"7.0.9","matchCriteriaId":"55FA23CC-1F5B-49A6-AE4B-FA3DF99F72EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/336a9186f3a4b65bbd865d93936605ac8a1a3991","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6da7b1242da4455b11c24ce667d1cab1a348c8ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46312","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.160","lastModified":"2026-07-08T14:51:14.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: videobuf2: Set vma_flags in vb2_dma_sg_mmap\n\nvb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not\nsee a reason why vb2_dma_sg should behave differently. This avoids\nhitting `WARN_ON(!(vma->vm_flags & VM_DONTEXPAND));` in\ndrm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of\ntree Apple ISP camera capture driver which uses vb2_dma_sg_memops.\n\ngst-launch-1.0 v4l2src ! gtk4paintablesink\n\n[   38.201528] ------------[ cut here ]------------\n[   38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210\n[   38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer\nsnd_seq snd_seq_device uinput nf_conntrack_netbios_ns\nnf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat\nnf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep\nnls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc\nhid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic\ncfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev\naop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2\nsnd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor\nmacsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi\nmacsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3\nsnd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon\napple_sart apple_dockchannel macsmc apple_rtkit_helper\nspmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses\npinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core\nspi_apple\n[   38.203300]  videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram\n[   38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G        W           6.17.6+ #asahi-dev PREEMPT(full)\n[   38.219040] Tainted: [W]=WARN\n[   38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[   38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210\n[   38.221643] lr : drm_gem_mmap_obj+0x78/0x210\n[   38.222178] sp : ffffc0008dc678e0\n[   38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480\n[   38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968\n[   38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0\n[   38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968\n[   38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8\n[   38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff\n[   38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8\n[   38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000\n[   38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038\n[   38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb\n[   38.231488] Call trace:\n[   38.231806]  drm_gem_mmap_obj+0x1f8/0x210 (P)\n[   38.232342]  drm_gem_mmap+0x140/0x260\n[   38.232813]  __mmap_region+0x488/0x9a0\n[   38.233277]  mmap_region+0xd0/0x148\n[   38.233703]  do_mmap+0x350/0x5c0\n[   38.234148]  vm_mmap_pgoff+0x14c/0x200\n[   38.234612]  ksys_mmap_pgoff+0x150/0x208\n[   38.235107]  __arm64_sys_mmap+0x34/0x50\n[   38.235611]  invoke_syscall+0x50/0x120\n[   38.236075]  el0_svc_common.constprop.0+0x48/0xf0\n[   38.236680]  do_el0_svc+0x24/0x38\n[   38.237113]  el0_svc+0x38/0x168\n[   38.237507]  el0t_64_sync_handler+0xa0/0xe8\n[   38.238034]  el0t_64_sync+0x198/0x1a0\n[   38.238491] ---[ end trace 0000000000000000 ]---\n\nThere were discussions in [1] at the end of 2023 that mmap() on imported\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/common/videobuf2/videobuf2-dma-sg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"feb17524aa4ec337749344be0db52b88663e25ab","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"1a1360264f699521e001e7739009ee3ee3c6a4f5","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"21fade52ab9fb13368a5709e60b0d9909197aeae","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"b4cf91658a636618f1437beec971dec25dec28eb","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"7254b31a13aaa0c2c0f9ffbc335b718656117ff4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/common/videobuf2/videobuf2-dma-sg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.39","status":"affected"},{"version":"0","lessThan":"2.6.39","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.90","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"6.6.140","matchCriteriaId":"CAC2E7BE-0901-4354-9F17-4B2D83360D14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.90","matchCriteriaId":"3BAAA2BE-6EEC-45D5-AD66-50F63CA20483"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.32","matchCriteriaId":"CB9F1FA8-6D5E-42B1-9877-57BACFE5C886"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46313","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.317","lastModified":"2026-07-08T14:51:05.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: intel/ipu6: fix error pointer dereference\n\nIn a error path isp->psys is confirmed to be an error pointer not NULL so\nthis condition is true and the error pointer is dereferenced. So isp-psys\nshould be set to NULL before going to out_ipu6_bus_del_devices.\n\nDetected by Smatch:\ndrivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error:\n'isp->psys' dereferencing possible ERR_PTR()\n\n[Sakari Ailus: Fix commit message.]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/pci/intel/ipu6/ipu6.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"fad134c446189e9bb48cea1a5ca426d2889a9c71","versionType":"git","status":"affected"},{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"f43e30646fc93799f3f48530d0ccbd52902c0541","versionType":"git","status":"affected"},{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"c352f90e093ae49902e47f41579e1aa41899ff64","versionType":"git","status":"affected"},{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"8dd088b8b106f7b119664f965b691785998edcfb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/pci/intel/ipu6/ipu6.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.12.90","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.90","matchCriteriaId":"45E7C926-2B7A-4779-8663-0E6229DF2929"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.32","matchCriteriaId":"CB9F1FA8-6D5E-42B1-9877-57BACFE5C886"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8dd088b8b106f7b119664f965b691785998edcfb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c352f90e093ae49902e47f41579e1aa41899ff64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f43e30646fc93799f3f48530d0ccbd52902c0541","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fad134c446189e9bb48cea1a5ca426d2889a9c71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46314","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.430","lastModified":"2026-07-08T14:50:58.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Reject empty multisync extension to prevent infinite loop\n\nv3d_get_extensions() walks a userspace-provided singly-linked list of\nioctl extensions without any bound on the chain length. A local user\ncan craft a self-referential extension (ext->next == &ext) with zero\nin_sync_count and out_sync_count, which bypasses the existing duplicate-\nextension guard:\n\n    if (se->in_sync_count || se->out_sync_count)\n            return -EINVAL;\n\nThe guard never fires because v3d_get_multisync_post_deps() returns\nimmediately when count is zero, leaving both fields at zero on every\niteration. The result is an infinite loop in kernel context, blocking\nthe calling thread and pegging a CPU core indefinitely.\n\nFix this by rejecting a multisync extension where both in_sync_count\nand out_sync_count are zero in v3d_get_multisync_submit_deps(). An\nempty multisync carries no synchronization information and serves no\nuseful purpose, so returning -EINVAL for such an extension is the\ncorrect defense against this attack vector."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/v3d/v3d_submit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"309abbddeca0c12714721928a819ef45e5710998","versionType":"git","status":"affected"},{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"4fa42a249e8cd6ed17aea04e5695b6e9001f2433","versionType":"git","status":"affected"},{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"9c5164781cb388d219d8f49fa0f0b04cf86ad544","versionType":"git","status":"affected"},{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"fb44d589bf3148e13452185a6e772a7efbf2d684","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/v3d/v3d_submit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.33","matchCriteriaId":"EDD8915F-95A2-4775-95AB-A1723BAAF160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/309abbddeca0c12714721928a819ef45e5710998","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fa42a249e8cd6ed17aea04e5695b6e9001f2433","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c5164781cb388d219d8f49fa0f0b04cf86ad544","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb44d589bf3148e13452185a6e772a7efbf2d684","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-5067","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-09T06:16:53.920","lastModified":"2026-07-08T13:27:22.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade handling the buffer is copied to a local stack buffer and passed to strlen(); if no NUL exists in-bounds, strlen() reads beyond the stack buffer and subsequent concatenation with the WebSocket magic string can write out of bounds. This leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution. The path is reachable when CONFIG_HTTP_SERVER_WEBSOCKET is enabled."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"3.7.0","lessThanOrEqual":"4.3.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:11:48.752906Z","id":"CVE-2026-5067","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-170"},{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndIncluding":"4.3.0","matchCriteriaId":"D6DCCDB1-3B65-4C26-8AE2-05613439A5BF"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5068","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-09T08:16:29.073","lastModified":"2026-07-08T13:25:38.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf) and the chosen RX pool has a user_data_size smaller than 2 bytes, the segmentation counter stored in the net_buf user_data area is written out of bounds in l2cap_chan_le_recv_seg (subsys/bluetooth/host/l2cap.c). The observed effects are an AddressSanitizer abort and, without ASan, heap corruption / fatal error."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"1.14.0","lessThanOrEqual":"4.3.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:10:35.371642Z","id":"CVE-2026-5068","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.0","matchCriteriaId":"564F6A70-E4D2-48E8-8A18-1B0A22ECFD24"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qrcq-hxwj-mqxm","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46315","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T09:16:30.330","lastModified":"2026-07-08T14:50:49.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/waitid: clear waitid info before copying it to userspace\n\nIORING_OP_WAITID stores its result fields in struct io_waitid::info and\nlater copies them to userspace siginfo. The prep path initializes the\nrequest arguments, but it does not initialize info itself.\n\nIf the wait operation completes without reporting a child event, the common\nwait code can return without writing wo_info. In that case io_waitid_finish()\nstill copies iw->info to userspace, exposing stale bytes from the reused\nio_kiocb command storage.\n\nClear the result storage during prep so the io_uring path matches the\nregular waitid syscall, which uses a zero-initialized struct waitid_info."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["io_uring/waitid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"954518e5a4a5efc5033253f6e36fc7b9f98363a3","versionType":"git","status":"affected"},{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"b737c6612c60c23b40a9f31749b99e6f61943847","versionType":"git","status":"affected"},{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"4d2a0de611ab60d02fc768ae0cd5918b16bd5474","versionType":"git","status":"affected"},{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"93d93f5f8da791e98159795c6ef683f45bd95d13","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["io_uring/waitid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4d2a0de611ab60d02fc768ae0cd5918b16bd5474","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/93d93f5f8da791e98159795c6ef683f45bd95d13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/954518e5a4a5efc5033253f6e36fc7b9f98363a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b737c6612c60c23b40a9f31749b99e6f61943847","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-10263","sourceIdentifier":"arm-security@arm.com","published":"2026-06-09T10:16:33.003","lastModified":"2026-07-08T13:16:24.490","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level."}],"affected":[{"source":"arm-security@arm.com","affectedData":[{"vendor":"Arm","product":"C1-Ultra","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"C1-Premium","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse V3","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse V3AE","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse V1","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse N2","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse N1","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X925","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X4","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X3","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X2","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X1","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X1C","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A710","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A78","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A78AE","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A78C","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A77","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A76","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A76AE","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for NVIDIA 26","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T14:11:21.775441Z","id":"CVE-2025-10263","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"arm-security@arm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://developer.arm.com/documentation/112137","source":"arm-security@arm.com"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/09/13","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-493.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2026:34911","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36348","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36349","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-10263","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486958","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10263.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46317","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.000","lastModified":"2026-07-08T14:50:10.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Reassign nested_mmus array behind mmu_lock\n\nkvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the\nMMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which\ncan run at any time. kvm_vcpu_init_nested() reallocates the array and frees\nthe old buffer while holding only kvm->arch.config_lock, so such a walker\ncan reference the freed array.\n\nAllocate the new array outside of mmu_lock, as the allocation can sleep.\nUnder the lock, copy the existing entries, fix up the back pointers and\nreassign the array. Free the old buffer after dropping the lock, as\nkvfree() can sleep as well."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/arm64/kvm/nested.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4f128f8e1aaac189f83d0f828bcdb2986d8d2e51","lessThan":"918450ad6010df6ecd2efde12a1409e011da22d6","versionType":"git","status":"affected"},{"version":"4f128f8e1aaac189f83d0f828bcdb2986d8d2e51","lessThan":"4424dbcb06d68e34e51c019a5781a7dc00731971","versionType":"git","status":"affected"},{"version":"4f128f8e1aaac189f83d0f828bcdb2986d8d2e51","lessThan":"70543358fa08e0f7cebc3447c3b70fe97ad7aaa8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/arm64/kvm/nested.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.18.35","matchCriteriaId":"CB828803-5FA4-4A1C-A77D-0A10A2BAFDC6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4424dbcb06d68e34e51c019a5781a7dc00731971","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70543358fa08e0f7cebc3447c3b70fe97ad7aaa8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/918450ad6010df6ecd2efde12a1409e011da22d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46318","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.107","lastModified":"2026-07-08T14:49:56.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/hugetlbfs: update hugetlbfs to use mmap_prepare\"\n\nThis reverts commit ea52cb24cd3f (\"mm/hugetlbfs: update hugetlbfs to use\nmmap_prepare\") with conflict resolution to account for changes in commit\nea52cb24cd3f (\"mm/hugetlbfs: update hugetlbfs to use mmap_prepare\").\n\nThe patch incorrectly handled hugetlb VMA lock allocation at the\nmmap_prepare stage, where a failed allocation occurring after mmap_prepare\nis called might result in the lock leaking.\n\nThere is no risk of a merge causing a similar issues, as\nVMA_DONTEXPAND_BIT is set for hugetlb mappings.\n\nAs a first step in addressing this issue, simply revert the change so we\ncan rework how we do this having corrected the underlying issues.\n\nWe maintain the VMA flags changes as best we can, accounting for the fact\nthat we were working with a VMA descriptor previously and propagating\nlike-for-like changes for this.\n\nNote that we invoke vma_set_flags() and do not call vma_start_write() as\nvm_flags_set() does.  This is OK as it's being done in an .mmap hook where\nthe VMA is not yet linked into the tree so nobody else can be accessing\nit."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/hugetlbfs/inode.c","include/linux/hugetlb.h","include/linux/hugetlb_inline.h","mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ea52cb24cd3fb121283754ab82b2cb3044609359","lessThan":"3af5fc3f0ac98c624c109c8c0796fa46e814344c","versionType":"git","status":"affected"},{"version":"ea52cb24cd3fb121283754ab82b2cb3044609359","lessThan":"83f9efcce93f8574be2279090ee2aec58b86cda7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/hugetlbfs/inode.c","include/linux/hugetlb.h","include/linux/hugetlb_inline.h","mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3af5fc3f0ac98c624c109c8c0796fa46e814344c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83f9efcce93f8574be2279090ee2aec58b86cda7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45447","sourceIdentifier":"openssl-security@openssl.org","published":"2026-06-09T17:17:19.277","lastModified":"2026-07-08T13:16:47.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Issue summary: A specially crafted PKCS#7 or S/MIME signed message could\ntrigger a use-after-free during PKCS#7 signature verification.\n\nImpact summary: A use-after-free may result in process crashes, heap\ncorruption, or potentially remote code execution.\n\nWhen processing a PKCS#7 or S/MIME signed message, if the SignedData\ndigestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may\nincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent\nuse of the BIO by the calling application results in a use-after-free\ncondition.\n\nIn the common case this occurs when the application later calls\nBIO_free() on the BIO originally passed to PKCS7_verify(). Depending\non allocator behavior and application-specific BIO usage patterns, this\nmay result in a crash or other memory corruption. In some application\ncontexts this may potentially be exploitable for remote code execution.\n\nApplications that process PKCS#7 or S/MIME signed messages using OpenSSL\nPKCS#7 APIs may be affected. Applications using the CMS APIs for this\nprocessing are not affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."}],"affected":[{"source":"openssl-security@openssl.org","affectedData":[{"vendor":"OpenSSL","product":"OpenSSL","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.1","versionType":"semver","status":"affected"},{"version":"3.6.0","lessThan":"3.6.3","versionType":"semver","status":"affected"},{"version":"3.5.0","lessThan":"3.5.7","versionType":"semver","status":"affected"},{"version":"3.4.0","lessThan":"3.4.6","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.21","versionType":"semver","status":"affected"},{"version":"1.1.1","lessThan":"1.1.1zh","versionType":"custom","status":"affected"},{"version":"1.0.2","lessThan":"1.0.2zq","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:59:38.212378Z","id":"CVE-2026-45447","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"openssl-security@openssl.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zq","matchCriteriaId":"F534B804-67B6-49DA-8A86-0FF21E512908"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1zh","matchCriteriaId":"43EFE1E3-4049-4EE6-A2AE-BDBA38E6870F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.21","matchCriteriaId":"EDB88756-EDFE-4886-A267-3F19342A6042"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.6","matchCriteriaId":"BF7E21E7-AEC0-4882-B1F1-2D056B506F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.7","matchCriteriaId":"6B6B9930-C549-4D88-9784-AF32CCDDB87A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.3","matchCriteriaId":"D41B3C45-EC73-4DC8-989D-B2E2792E102F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:*","matchCriteriaId":"6E881B9A-1A0A-4BC0-8160-20C00561167D"}]}]}],"references":[{"url":"https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://openssl-library.org/news/secadv/20260609.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25237","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25239","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26275","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34102","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35869","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-45447","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481898","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45447.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46625","sourceIdentifier":"security-advisories@github.com","published":"2026-06-10T22:16:59.613","lastModified":"2026-07-08T13:16:49.640","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's \"__proto__\" member is an own enumerable property, so the for…in enumerates it and the target[key] = source[key] write triggers the Object.prototype.__proto__ setter on the fresh target ({}). The result is a per-instance prototype hijack: Object.prototype itself is untouched, but the merged attributes object now inherits attacker-controlled keys. Because the consuming set() function then enumerates the merged object with another for...in, every key the attacker placed on the polluted prototype lands in the resulting Set-Cookie string as an attribute pair. The attacker can set domain=, secure=, samesite=, expires=, and path= on cookies whose attributes the developer thought were locked down. This issue has been patched in version 3.0.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"js-cookie","product":"js-cookie","versions":[{"version":"< 3.0.7","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4.10::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"unknown","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"unknown","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T14:46:15.083511Z","id":"CVE-2026-46625","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020","source":"security-advisories@github.com"},{"url":"https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7","source":"security-advisories@github.com"},{"url":"https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j","source":"security-advisories@github.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33183","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36625","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46625","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487740","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46625.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-53703","sourceIdentifier":"secalert@redhat.com","published":"2026-06-15T20:16:33.563","lastModified":"2026-07-08T14:17:04.497","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:1.26.7-2.el10_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.22.12-6.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:05:30.391525Z","id":"CVE-2026-53703","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36673","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36674","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53703","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487613","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-53704","sourceIdentifier":"secalert@redhat.com","published":"2026-06-15T20:16:33.697","lastModified":"2026-07-08T14:17:04.900","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.22.12-6.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T12:46:47.069346Z","id":"CVE-2026-53704","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36674","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53704","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487614","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-2675","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:42.707","lastModified":"2026-07-08T14:31:55.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Security Plugins"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:02:42.712673Z","id":"CVE-2026-2675","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"7.7.0","matchCriteriaId":"3F95CC20-9460-4C5E-B56A-CE8F16028B38"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-2675","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-30799","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:43.007","lastModified":"2026-07-08T14:27:11.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Security Plugins"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.*","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:59:33.217064Z","id":"CVE-2026-30799","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"7.7.0","matchCriteriaId":"3F95CC20-9460-4C5E-B56A-CE8F16028B38"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-30799","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30802","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:43.263","lastModified":"2026-07-08T14:07:01.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0, from 2.4.5 before 2.4.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Micro","defaultStatus":"unaffected","packageName":"connext_micro","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_micro","versions":[{"version":"4.0.0","lessThan":"4.3.0","versionType":"custom","status":"affected"},{"version":"2.4.5","lessThan":"2.4.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:58:36.128067Z","id":"CVE-2026-30802","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_micro:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.5","versionEndExcluding":"4.3.0","matchCriteriaId":"35657566-7EF7-4D1E-99AC-24A381A39A2A"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-30802","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30803","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:43.410","lastModified":"2026-07-08T14:05:36.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Micro","defaultStatus":"unaffected","packageName":"connext_micro","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_micro","versions":[{"version":"4.0.0","lessThan":"4.3.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:58:11.377761Z","id":"CVE-2026-30803","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_micro:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.3.0","matchCriteriaId":"6BCAC260-B3A0-429E-A71D-1F6E27BD056A"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-30803","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3894","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:44.287","lastModified":"2026-07-08T14:04:31.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.2.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:01:05.016536Z","id":"CVE-2026-3894","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"7.7.0","matchCriteriaId":"95DB3192-6006-4B24-94C6-98C6A09F0706"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-3894","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-7300","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:18:05.753","lastModified":"2026-07-08T13:55:10.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Web Integration Service"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.*","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.2","lessThan":"6.1.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:00:26.868901Z","id":"CVE-2026-7300","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.2","versionEndExcluding":"7.4.0","matchCriteriaId":"21210B58-4B30-4C47-B448-F4CAE754CDBD"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-7300","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52908","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-19T15:16:35.277","lastModified":"2026-07-08T15:24:27.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: During rereg_mr ensure that REREG_ACCESS is compatible\n\nIf IB_MR_REREG_ACCESS changes from RO to RW then the umem has to be\nre-evaluated to ensure it is properly pinned as RW. Since the umem is\nhidden inside each driver's mr struct add a ib_umem_check_rereg() function\nthat each driver has to call before processing IB_MR_REREG_ACCESS.\n\nmlx4 has to retain its duplicate ib_access_writable check because it\nimplements IB_MR_REREG_ACCESS | IB_MR_REREG_TRANS by changing both items\nin place sequentially while the MR is live, so it will continue to not\nsupport this combination."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/core/umem.c","drivers/infiniband/hw/hns/hns_roce_mr.c","drivers/infiniband/hw/irdma/verbs.c","drivers/infiniband/hw/mlx4/mr.c","drivers/infiniband/hw/mlx5/mr.c","drivers/infiniband/sw/rxe/rxe_verbs.c","include/rdma/ib_umem.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"09dc18894148381d3bfc550083b1236043870dce","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"eba5df21eda0fe7418efbea2f799f8ea1b8ca94c","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"2904e985a2917b5dac65df82733065e78a65fc9d","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"50334a05a950840b39a1ce3d2a173b4183db9b3e","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"badad6fad60def1b9805559dd81dbab3d97b82aa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/core/umem.c","drivers/infiniband/hw/hns/hns_roce_mr.c","drivers/infiniband/hw/irdma/verbs.c","drivers/infiniband/hw/mlx4/mr.c","drivers/infiniband/hw/mlx5/mr.c","drivers/infiniband/sw/rxe/rxe_verbs.c","include/rdma/ib_umem.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09dc18894148381d3bfc550083b1236043870dce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2904e985a2917b5dac65df82733065e78a65fc9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50334a05a950840b39a1ce3d2a173b4183db9b3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/badad6fad60def1b9805559dd81dbab3d97b82aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eba5df21eda0fe7418efbea2f799f8ea1b8ca94c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52909","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-19T15:16:35.383","lastModified":"2026-07-08T15:24:17.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: set netns_immutable on the fallback device.\n\njohn1988 and Noam Rathaus reported that vti6_init_net() does not set the\nnetns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).\n\nOther similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)\ncorrectly set this flag during their fallback device initialization to\nprevent them from being moved to another network namespace."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv6/ip6_vti.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"12acc977838c943636fb01e2f3087d2e4cc3b7cc","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"7f28e3948c59481f8db9c9638e204258d26b4e41","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"12c65e2c7fef507551bd7b52123598a761662c01","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"c5dbd669db5a426b3025512322e1bf2cdbe14305","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"ecf8904067dcba0dad86ece80874841e60317885","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"dcdce3bc9f08026ff3739ee7339e1bef526fc5f3","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"d289d5307762d1838aaece22c6b6fcad9e8865f9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv6/ip6_vti.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.15","status":"affected"},{"version":"0","lessThan":"3.15","versionType":"semver","status":"unaffected"},{"version":"5.10.260","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.10.260","matchCriteriaId":"A607EC6A-B5CC-42BB-B74C-7191E7210452"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.211","matchCriteriaId":"D71C101E-388C-4A46-BD99-49049F7C5CFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144","matchCriteriaId":"C8AD3BC8-C843-423C-B9DB-CB52F67F578E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.95","matchCriteriaId":"4E206B86-E0E3-4394-A93F-39F2D50A8AA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12acc977838c943636fb01e2f3087d2e4cc3b7cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/12c65e2c7fef507551bd7b52123598a761662c01","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f28e3948c59481f8db9c9638e204258d26b4e41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5dbd669db5a426b3025512322e1bf2cdbe14305","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d289d5307762d1838aaece22c6b6fcad9e8865f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dcdce3bc9f08026ff3739ee7339e1bef526fc5f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecf8904067dcba0dad86ece80874841e60317885","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52910","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-19T15:16:35.487","lastModified":"2026-07-08T15:20:05.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Free reuseport cBPF prog after RCU grace period.\n\nEulgyu Kim reported the splat below with a repro. [0]\n\nThe repro sets up a UDP reuseport group with a cBPF prog and\nreplaces it with a new one while another thread is sending\na UDP packet to the group.\n\nThe reuseport prog is freed by sk_reuseport_prog_free().\nbpf_prog_put() is called for \"e\"BPF prog to destruct through\nmultiple stages while cBPF prog is freed immediately by\nbpf_release_orig_filter() and bpf_prog_free().\n\nIf a reuseport prog is detached from the setsockopt() path\n(reuseport_attach_prog() or reuseport_detach_prog()),\nsk_reuseport_prog_free() is called without waiting for RCU\nreaders to complete, resulting in various bugs.\n\nLet's defer freeing the reuseport cBPF prog after one RCU\ngrace period.\n\nNote \"e\"BPF prog is safe as is unless the fast path starts\nto touch fields destroyed in bpf_prog_put_deferred() and\n__bpf_prog_put_noref().\n\n[0]:\nBUG: KASAN: vmalloc-out-of-bounds in reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596\nRead of size 4 at addr ffffc9000051e004 by task slowme/10208\nCPU: 6 UID: 1000 PID: 10208 Comm: slowme Not tainted 7.0.0-geb7ac95ff75e #32 PREEMPT(full)\nHardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n <IRQ>\n dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596\n udp4_lib_lookup2+0x3bc/0x950 net/ipv4/udp.c:495\n __udp4_lib_lookup+0x768/0xe20 net/ipv4/udp.c:723\n __udp4_lib_lookup_skb+0x297/0x390 net/ipv4/udp.c:752\n __udp4_lib_rcv+0x1312/0x2620 net/ipv4/udp.c:2752\n ip_protocol_deliver_rcu+0x282/0x440 net/ipv4/ip_input.c:207\n ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n __netif_receive_skb_one_core net/core/dev.c:6181 [inline]\n __netif_receive_skb net/core/dev.c:6294 [inline]\n process_backlog+0xaa4/0x1960 net/core/dev.c:6645\n __napi_poll+0xae/0x340 net/core/dev.c:7709\n napi_poll net/core/dev.c:7772 [inline]\n net_rx_action+0x5d7/0xf50 net/core/dev.c:7929\n handle_softirqs+0x22b/0x870 kernel/softirq.c:622\n do_softirq+0x76/0xd0 kernel/softirq.c:523\n </IRQ>\n <TASK>\n __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline]\n __dev_queue_xmit+0x1dd7/0x3710 net/core/dev.c:4890\n neigh_output include/net/neighbour.h:556 [inline]\n ip_finish_output2+0xca9/0x1070 net/ipv4/ip_output.c:237\n NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n ip_output+0x29f/0x450 net/ipv4/ip_output.c:438\n ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508\n udp_send_skb+0xb04/0x1510 net/ipv4/udp.c:1195\n udp_sendmsg+0x1a71/0x2350 net/ipv4/udp.c:1485\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg net/socket.c:742 [inline]\n __sys_sendto+0x554/0x680 net/socket.c:2206\n __do_sys_sendto net/socket.c:2213 [inline]\n __se_sys_sendto net/socket.c:2209 [inline]\n __x64_sys_sendto+0xde/0x100 net/socket.c:2209\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x160/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x415a2d\nCode: b3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f6bc31e41e8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f6bc31e4cdc RCX: 0000000000415a2d\nRDX: 0000000000000001 RSI: 00007f6bc31e421f RDI: 0000000000000003\nRBP: 00007f6bc31e4240 R08: 00007f6bc31e4220 R09: 0000000000000010\nR10: 0000000000000000 R11: \n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"08264d5bba0bdd3a79bc2984fee09286aba0c4eb","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"fec41484e7c2aa7ded44c541bba98872be937754","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"c3e3fddda6b5d9ba505d218b4055e7d8a282ac57","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"f8b8f1d4bb76098e87b8269a0631019648330e6d","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"298db6167f81e9c470a57cf652e4e47757b4293e","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"87dfb977bdb6eaa47e9993a34e18f44970f88b1f","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"90e47dc5c572d1c73971ac51c7428803f42b78eb","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"18fc650ccd7fe3376eca89203668cfb8268f60df","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.5","status":"affected"},{"version":"0","lessThan":"4.5","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-364"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"5.10.259","matchCriteriaId":"49A9457D-DA96-491F-96F5-C78397CA6014"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08264d5bba0bdd3a79bc2984fee09286aba0c4eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18fc650ccd7fe3376eca89203668cfb8268f60df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/298db6167f81e9c470a57cf652e4e47757b4293e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87dfb977bdb6eaa47e9993a34e18f44970f88b1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90e47dc5c572d1c73971ac51c7428803f42b78eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3e3fddda6b5d9ba505d218b4055e7d8a282ac57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8b8f1d4bb76098e87b8269a0631019648330e6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fec41484e7c2aa7ded44c541bba98872be937754","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-52910","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490779","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52910.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48908","sourceIdentifier":"security@joomla.org","published":"2026-06-20T13:16:42.080","lastModified":"2026-07-08T13:57:42.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomshaper.net","product":"SP Page Builder extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0.0-6.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-48908","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ollyo:sp_page_builder:*:*:*:*:-:joomla\\!:*:*","versionEndExcluding":"6.6.2","matchCriteriaId":"357A3AA5-76BB-4E60-AA71-CB8FB76E2221"}]}]}],"references":[{"url":"https://www.joomshaper.com/page-builder","source":"security@joomla.org","tags":["Product"]},{"url":"https://extensions.joomla.org/extension/sp-page-builder/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Product"]},{"url":"https://mysites.guru/blog/sp-page-builder-zero-day-uploadcustomicon-rce/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48908","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.joomshaper.com/forum/question/45152","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-52911","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-21T08:16:23.607","lastModified":"2026-07-08T15:13:12.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: scope conn->binding slowpath to bound sessions only\n\nWhen the binding SESSION_SETUP sets conn->binding = true, the flag stays\nset after the call so that the global session lookup in\nksmbd_session_lookup_all() can find the session, which was not added to\nconn->sessions. Because the flag is connection-wide, the global lookup\npath will also resolve any other session by id if asked.\n\nTighten the global lookup so that the returned session must have this\nconnection registered in its channel xarray (sess->ksmbd_chann_list).\nThe channel entry is installed by the existing binding_session path in\nntlm_authenticate()/krb5_authenticate() when a SESSION_SETUP completes\nsuccessfully, so this condition is a strict equivalent of \"this\nconnection has been accepted as a channel of this session\". Connections\nthat have not bound to a given session cannot reach it via the global\ntable.\n\nThe existing conn->binding gate for entering the slowpath is preserved\nso that non-binding connections keep the fast-path-only behavior, and\nthe session->state check is unchanged."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/mgmt/user_session.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"e74c00c6af428a39e564cdc5bd3a3648c6d8de87","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"1ff46c9915c1cbf454db58a8cb87f7cac818e6a6","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"974c1c224e85549dc3459f3bb2255bbbdd2b9372","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"2cc8a4db633b10715450b291c1343859a4b2c509","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"1e2bec062c5c9ec282636715166056d0998d746d","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"b0da97c034b6107d14e537e212d4ce8b22109a58","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/mgmt/user_session.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.209","matchCriteriaId":"6EDF0B07-5AB8-46F1-84C6-AAB5EF2C52B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e2bec062c5c9ec282636715166056d0998d746d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1ff46c9915c1cbf454db58a8cb87f7cac818e6a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2cc8a4db633b10715450b291c1343859a4b2c509","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/974c1c224e85549dc3459f3bb2255bbbdd2b9372","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0da97c034b6107d14e537e212d4ce8b22109a58","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e74c00c6af428a39e564cdc5bd3a3648c6d8de87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-54099","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T14:17:40.820","lastModified":"2026-07-08T15:10:59.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel8-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:windows_machine_config"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:windows_machine_config"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-54099","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.22.1","matchCriteriaId":"4A5FB226-0EC9-4963-9062-26C254D92F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:*","matchCriteriaId":"2219154D-E4AD-4A8E-942A-C4804C00591C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-54099","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487950","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-54099","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487950","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54099.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54100","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T14:17:40.950","lastModified":"2026-07-08T15:10:50.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel8-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:windows_machine_config"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:windows_machine_config"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-54100","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.22.1","matchCriteriaId":"3F70390E-5DD6-42E4-AEA8-1C03337DDABC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:*","matchCriteriaId":"2219154D-E4AD-4A8E-942A-C4804C00591C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-54100","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487953","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-54100","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487953","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54100.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12549","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T16:16:34.090","lastModified":"2026-07-08T15:10:43.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup3","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:05:45.451175Z","id":"CVE-2026-12549","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-805"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*","matchCriteriaId":"C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12549","source":"secalert@redhat.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://access.redhat.com/security/cve/cve-2026-0716","source":"secalert@redhat.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2489999","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12725","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T16:16:34.490","lastModified":"2026-07-08T15:10:32.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and\nquery logging are both enabled, logging of DS or DNSKEY replies containing\nunsupported algorithm or digest types can cause dnsmasq to write past the end\nof an internal logging buffer. A remote attacker able to supply such a DNS\nresponse may crash the dnsmasq process, resulting in denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:20:23.362371Z","id":"CVE-2026-12725","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.22.1","matchCriteriaId":"3F70390E-5DD6-42E4-AEA8-1C03337DDABC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*","versionEndExcluding":"2.93","matchCriteriaId":"8D8EBB73-1EA7-47A6-A71A-172ED404E0B6"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12725","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490763","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55653","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T04:17:36.600","lastModified":"2026-07-08T14:17:14.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openssh-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"10.3p1-6.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:30:51.025049Z","id":"CVE-2026-55653","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-55653","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462351","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55654","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T04:17:40.587","lastModified":"2026-07-08T14:17:14.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openssh-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"10.3p1-6.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:11:38.299870Z","id":"CVE-2026-55654","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-55654","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462493","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55655","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T04:17:40.787","lastModified":"2026-07-08T14:17:14.837","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openssh-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"10.3p1-6.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:21:42.502865Z","id":"CVE-2026-55655","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-923"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-55655","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462250","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10609","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T14:17:21.853","lastModified":"2026-07-08T15:10:22.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/cluster-logging-rhel9-operator","cpes":["cpe:/a:redhat:logging:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:58:23.388681Z","id":"CVE-2026-10609","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cluster_logging_operator:-:*:*:*:*:*:*:*","matchCriteriaId":"2A0B241E-0214-4C9D-B296-A84ED38C628A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*","matchCriteriaId":"EF93A27E-AA2B-4C2E-9B8D-FE7267847326"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10609","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483943","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12969","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T14:17:22.790","lastModified":"2026-07-08T15:10:14.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:02:23.863843Z","id":"CVE-2026-12969","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*","versionEndExcluding":"2.93","matchCriteriaId":"8D8EBB73-1EA7-47A6-A71A-172ED404E0B6"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12969","source":"secalert@redhat.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2491663","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55255","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:08.050","lastModified":"2026-07-08T13:39:12.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-55255","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Langflow Authorization Bypass Through User-Controlled Key Vulnerability","weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.1","matchCriteriaId":"E5C0C925-9B95-4B10-BACE-5BBE5A9D24C5"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/commit/2c9f498d664a3c32698b57d7c5e752625291060e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/langflow-ai/langflow/pull/12832","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://webflow.sysdig.com/blog/understanding-langflow-cve-2026-55255-and-why-higher-cvss-vulnerabilities-arent-always-the-most-exploited","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-55255","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-11819","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T21:16:54.473","lastModified":"2026-07-08T15:11:07.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Module: plugins/modules/keyring_info.py \n\nCVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N \n\nIssue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result[\"passphrase\"] with no output suppression, no no_log protection, and no documentation warning. \n\nRoot Cause:\n\nLine 105 (protected): keyring_password=dict(type=\"str\", required=True, no_log=True)\nLine 127 (NOT protected): result[\"passphrase\"] = passphrase\n\nObserved Output:\n\n{\n\"changed\": false,\n\"passphrase\": \"MyMasterP@ssw0rd!SSH_Key_Secret\"\n}\nVisible via register + debug:\n{\n\"keyring_result\": {\n\"changed\": false,\n\"passphrase\": \"MyMasterP@ssw0rd!SSH_Key_Secret\"\n}\n}\n\nImpact: \n\nMaster passwords, SSH key passphrases and service credentials appear in all Ansible output \n\nregister: keyring_result followed by debug: var=keyring_result prints passphrase in full \n\nAnsible fact caching backends (Redis, JSON file, memcached) may persist the passphrase \n\nAWX/Tower job logs silently store the live credential\n\nFix:\n\nmodule.exit_json(changed=False, passphrase=passphrase, _ansible_no_log=True)\n\nAlso add a documentation warning requiring callers to use no_log: true at the task level.\n\nPoCs\n\n\nFig 1: PoC execution showing passphrase in plaintext output\n\n\nFig 2: Source code showing no_log=True on input (line 105) vs unprotected output (line 127)"}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel-system-roles","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhc-worker-playbook","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel-system-roles","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel-system-roles","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:35:23.411115Z","id":"CVE-2026-11819","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-11819","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487251","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2026-11819","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52912","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:20.640","lastModified":"2026-07-08T15:13:08.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: hold bridge skb->dev while queued\n\nbr_pass_frame_up() rewrites skb->dev from the ingress port to the bridge\nmaster before queueing bridge LOCAL_IN packets. NFQUEUE only holds\nreferences on state.in/out and bridge physdevs, so a queued bridge\npacket can retain a freed bridge master in skb->dev until reinjection.\n\nWhen the verdict is reinjected later, br_netif_receive_skb() re-enters\nthe receive path with skb->dev still pointing at the freed bridge master,\ntriggering a use-after-free.\n\nStore skb->dev in the queue entry, hold a reference on it for the queue\nlifetime, and use the saved device when dropping queued packets during\nNETDEV_DOWN handling."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/netfilter/nf_queue.h","net/netfilter/nf_queue.c","net/netfilter/nfnetlink_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"950d809f154dca04e5fbe5d3c8b9c5e44769cd57","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"a698ac8ab2561cf575d2d9f34095032651dd952e","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"19924bdd8a45ebc72a7b84c57fd63057d1dc75ac","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"1e5e20031c5eee8d2e490a90ff4d6a2feecfc3be","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"3823c27099cfe2482299065814adbaa771be9644","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"15d464265120ab9818bd673af301deee09bedab2","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"3fb0f5c0f64162a8c3f25616a4f1e340b921737f","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"e196115ec330a18de415bdb9f5071aa9f08e53ce","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/netfilter/nf_queue.h","net/netfilter/nf_queue.c","net/netfilter/nfnetlink_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.259","matchCriteriaId":"3FA30F1C-F514-4A35-83AD-10A879443A42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/15d464265120ab9818bd673af301deee09bedab2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/19924bdd8a45ebc72a7b84c57fd63057d1dc75ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e5e20031c5eee8d2e490a90ff4d6a2feecfc3be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3823c27099cfe2482299065814adbaa771be9644","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3fb0f5c0f64162a8c3f25616a4f1e340b921737f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/950d809f154dca04e5fbe5d3c8b9c5e44769cd57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a698ac8ab2561cf575d2d9f34095032651dd952e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e196115ec330a18de415bdb9f5071aa9f08e53ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52913","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.080","lastModified":"2026-07-08T15:13:03.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: v: stop OGMv2 on disabled interface\n\nWhen a batadv_hard_iface is disabled, its mesh_iface pointer is set to\nNULL. However, batadv_v_ogm_send_meshif() may still dispatch OGMs via\nbatadv_v_ogm_queue_on_if() for interfaces that have since lost their\nmesh_iface association. This results in a NULL pointer dereference when\nbatadv_v_ogm_queue_on_if() unconditionally calls netdev_priv() on the\nnow NULL hard_iface->mesh_iface to retrieve the batadv_priv.\n\nIt is necessary to ensure that the batadv_v_ogm_queue_on_if() checks that\nit is using the same mesh_iface for which batadv_v_ogm_send_meshif() was\ncalled."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/bat_v_ogm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"d7391a2b854a62235539c68e9cbf6fc7910a8e9a","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"70c9f6ab0d8f785087fb74fb85464a9a5288bfdb","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"040fe8eb34624002071dd21de9824dfe668ce65d","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"31dcb9711abd1dcd2080d9fac05c79dd9997d6bf","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"aad70db50ea3d7dfe30e402b889ff075a293b287","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"1be1e99cbd5b74a69d3f92200ca87cf1bce852db","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"4ff461af943efb5e74d09942d5ffee7644d1e1fe","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"f8ce8b8331a1bc44ad4905886a482214d428b253","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/bat_v_ogm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.6","status":"affected"},{"version":"0","lessThan":"4.6","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.10.259","matchCriteriaId":"5600752B-5EBB-43C5-ACFC-8AD628C79467"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/040fe8eb34624002071dd21de9824dfe668ce65d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1be1e99cbd5b74a69d3f92200ca87cf1bce852db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31dcb9711abd1dcd2080d9fac05c79dd9997d6bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ff461af943efb5e74d09942d5ffee7644d1e1fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70c9f6ab0d8f785087fb74fb85464a9a5288bfdb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aad70db50ea3d7dfe30e402b889ff075a293b287","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7391a2b854a62235539c68e9cbf6fc7910a8e9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8ce8b8331a1bc44ad4905886a482214d428b253","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52914","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.213","lastModified":"2026-07-08T15:12:54.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix fragment reassembly length accounting\n\nbatman-adv keeps a running payload length for queued fragments and uses it\nto validate a fragment chain before reassembly.\n\nThat accounting currently allows the accumulated fragment length to be\ntruncated during updates. As a result, malformed fragment chains can\nbypass the intended validation and drive reassembly with inconsistent\nlength state, leading to a local denial of service.\n\nFix the accounting by storing the accumulated length in a length-typed\nfield and rejecting update overflows before the existing validation logic\nruns.\n\nThe fix was verified against the original reproducer and against valid\nfragment reassembly paths."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/fragmentation.c","net/batman-adv/types.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"37be61825b15534a16ff9cfc9546de155b6df982","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"975563c5de1123dde1ec7946bf5556d20c89d74e","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"f653b040dad1af70fa5cd4fe085e4758925480c9","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"e910dbf509125fe51ad68e4fa74dc8ab0a8e787a","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"3eb8bcb823391bd58997831b3c9c152a4ba8e255","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"9cd3f16c320bfdadd4509358122368deb56a5741","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/fragmentation.c","net/batman-adv/types.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.258","matchCriteriaId":"5719375F-EF0E-4109-B597-92834B5F4367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/37be61825b15534a16ff9cfc9546de155b6df982","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3eb8bcb823391bd58997831b3c9c152a4ba8e255","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/975563c5de1123dde1ec7946bf5556d20c89d74e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9cd3f16c320bfdadd4509358122368deb56a5741","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e910dbf509125fe51ad68e4fa74dc8ab0a8e787a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f653b040dad1af70fa5cd4fe085e4758925480c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52915","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.340","lastModified":"2026-07-08T15:12:50.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ip6t_hbh: reject oversized option lists\n\nstruct ip6t_opts stores at most IP6T_OPTS_OPTSNR option descriptors,\nbut hbh_mt6_check() does not reject larger optsnr values supplied from\nuserspace.\n\nValidate optsnr in the rule setup path so only match data that fits the\nfixed-size opts array can be installed. This follows the existing xtables\npattern of rejecting invalid user-provided counts in checkentry() and\nkeeps the packet matching path unchanged.\n\n`struct ip6t_opts` has a fixed `opts[IP6T_OPTS_OPTSNR]` array,\nwhere `IP6T_OPTS_OPTSNR` is 16, then off-by-one array access is possible:\n\n[  137.924693][ T8692] UBSAN: array-index-out-of-bounds in ../net/ipv6/netfilter/ip6t_hbh.c:110:29\n[  137.926167][ T8692] index 16 is out of range for type '__u16 [16]'"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv6/netfilter/ip6t_hbh.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2d523ba48d4ecc46acfb6aba548292cfcce1ac02","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"588933f1a2ca5ff99274f8c9f25dc3a25d0191c3","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"784aadea7a108c9f90985683caa87fb0198c6a39","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"41ec2e242f1702e8370ddfe14d22b7a766021c3e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"db0250470f023f159094052c0bd5ab026a88ae93","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"57b0ac5e1b46f1f0338dff392ef2092e2871b412","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6feb43c0995ab3a9c826707eb46541a1696fe4f7","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4322dcde6b4173c2d8e8e6118ed290794263bcc8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv6/netfilter/ip6t_hbh.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d523ba48d4ecc46acfb6aba548292cfcce1ac02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41ec2e242f1702e8370ddfe14d22b7a766021c3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4322dcde6b4173c2d8e8e6118ed290794263bcc8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57b0ac5e1b46f1f0338dff392ef2092e2871b412","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/588933f1a2ca5ff99274f8c9f25dc3a25d0191c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6feb43c0995ab3a9c826707eb46541a1696fe4f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/784aadea7a108c9f90985683caa87fb0198c6a39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db0250470f023f159094052c0bd5ab026a88ae93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52916","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.463","lastModified":"2026-07-08T15:12:46.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: frag: disallow unicast fragment in fragment\n\nbatadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a\nBATADV_UNICAST_FRAG packet is received. Once all fragments are collected\nand the packet is reassembled, batadv_recv_frag_packet() calls\nbatadv_batman_skb_recv() again to process the defragmented payload.\n\nA malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled\npayload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting).\nEach nesting level recurses through batadv_batman_skb_recv() without bound,\ngrowing the kernel stack until it is exhausted.\n\nSince refragmentation or fragments in fragments are not actually allowed,\ndiscard all packets which are still BATADV_UNICAST_FRAG packets after the\ndefragmentation process."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/fragmentation.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"0c208fa3859e3a33a1c38bebc41d021166e94ac8","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"bcda4814dc6524283c0b958882cb963d75fe411d","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"aea54d0bbe156d5ab7d00d68f66149ff41f4612a","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"b54e459cf86943583c1aa2ee3081874e7ab1f5f3","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"5418be6c2e117bf8a316582795a8e3ff90f45e5d","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"5895ad21c7059a652da83fb817510f7a1e962abf","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"7138c35c9ad39a2fca6264af6b87466471f04ffc","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"bc62216dc8e221e3781afa14430f45208bfa9af9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/fragmentation.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.258","matchCriteriaId":"5719375F-EF0E-4109-B597-92834B5F4367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc41d021166e94ac8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5418be6c2e117bf8a316582795a8e3ff90f45e5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5895ad21c7059a652da83fb817510f7a1e962abf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7138c35c9ad39a2fca6264af6b87466471f04ffc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f66149ff41f4612a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b54e459cf86943583c1aa2ee3081874e7ab1f5f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc62216dc8e221e3781afa14430f45208bfa9af9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bcda4814dc6524283c0b958882cb963d75fe411d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52917","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.587","lastModified":"2026-07-08T15:12:41.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: diag: reject stale associations in dump_one path\n\nThe SCTP exact sock_diag lookup can hold a transport reference, block on\nlock_sock(sk), and then resume after sctp_association_free() has marked\nthe association dead and freed its bind address list.\n\nWhen that happens, inet_assoc_attr_size() and\ninet_diag_msg_sctpasoc_fill() can still dereference association state\nthat is no longer valid for reporting. In particular,\ninet_diag_msg_sctpasoc_fill() may read an empty bind-address list as a\nreal sctp_sockaddr_entry and trigger an out-of-bounds read from\nunrelated association memory.\n\nReject the association after taking the socket lock if it has been\nreaped or detached from the endpoint, and report the lookup as stale.\nThis keeps the exact dump-one path from formatting torn association\nstate."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sctp/diag.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"6657af827e21883ae90693e42e7f59a6aab690b5","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"b2be72d401833194917e44fbd8d8144bb4f2db16","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"5425de8bd6e9fe5bd67d158e3348171ae7510117","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"e97c2a535e23ed0fdd2660993fb3f10d9535c9bc","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"480f754580b5686b928977d16a59f20cef83ff01","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"78c4f964b2f94e405721c093773f6250e1e676b2","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"f5af203dec6e0e7a6090fcc2130e9f3901bfc84d","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"5eba3e48d78edd7551b992cb7ba687019b3a78da","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sctp/diag.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.259","matchCriteriaId":"3FA30F1C-F514-4A35-83AD-10A879443A42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/480f754580b5686b928977d16a59f20cef83ff01","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5425de8bd6e9fe5bd67d158e3348171ae7510117","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5eba3e48d78edd7551b992cb7ba687019b3a78da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6657af827e21883ae90693e42e7f59a6aab690b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78c4f964b2f94e405721c093773f6250e1e676b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2be72d401833194917e44fbd8d8144bb4f2db16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e97c2a535e23ed0fdd2660993fb3f10d9535c9bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5af203dec6e0e7a6090fcc2130e9f3901bfc84d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52918","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.713","lastModified":"2026-07-08T15:12:36.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: serialize accept_q access\n\nbt_sock_poll() walks the accept queue without synchronization, while\nchild teardown can unlink the same socket and drop its last reference.\nThe unsynchronized accept queue walk has existed since the initial\nBluetooth import.\n\nProtect accept_q with a dedicated lock for queue updates and polling.\nAlso rework bt_accept_dequeue() to take temporary child references under\nthe queue lock before dropping it and locking the child socket."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/bluetooth/bluetooth.h","net/bluetooth/af_bluetooth.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d9ce4de05df2385c19e2c7d12f529144e1a44af1","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"41c8c1c7923e86e0eb59cfb4279349112756a336","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4ec17782fd186f901a7329605d11048b085b945a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"be43e6b4043113c3b3cf887c3c8350f67140274c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"85f8674cae82053f1e6bab295f6a8422cca14db5","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8b4c412e001b0c670eb937beab491af974da55b3","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"a218bf69eb51fefe59a3976fa8925261141f681c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e83f5e24da741fa9405aeeff00b08c5ee7c37b88","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/bluetooth/bluetooth.h","net/bluetooth/af_bluetooth.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.259","matchCriteriaId":"1D09A811-8082-4A08-AF10-F1F8501C5596"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41c8c1c7923e86e0eb59cfb4279349112756a336","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ec17782fd186f901a7329605d11048b085b945a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85f8674cae82053f1e6bab295f6a8422cca14db5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b4c412e001b0c670eb937beab491af974da55b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a218bf69eb51fefe59a3976fa8925261141f681c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be43e6b4043113c3b3cf887c3c8350f67140274c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d9ce4de05df2385c19e2c7d12f529144e1a44af1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e83f5e24da741fa9405aeeff00b08c5ee7c37b88","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52925","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.563","lastModified":"2026-07-08T15:29:07.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: Fix a potential NPD when removing a port from a VRF\n\nRCU readers that identified a net device as a VRF port using\nnetif_is_l3_slave() assume that a subsequent call to\nnetdev_master_upper_dev_get_rcu() will return a VRF device. They then\ncontinue to dereference its l3mdev operations.\n\nThis assumption is not always correct and can result in a NPD [1]. There\nis no RCU synchronization when removing a port from a VRF, so it is\npossible for an RCU reader to see a new master device (e.g., a bridge)\nthat does not have l3mdev operations.\n\nFix by adding RCU synchronization after clearing the IFF_L3MDEV_SLAVE\nflag. Skip this synchronization when a net device is removed from a VRF\nas part of its deletion and when the VRF device itself is deleted. In\nthe latter case an RCU grace period will pass by the time RTNL is\nreleased.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:l3mdev_fib_table_rcu (net/l3mdev/l3mdev.c:181)\n[...]\nCall Trace:\n<TASK>\nl3mdev_fib_table_by_index (net/l3mdev/l3mdev.c:201 net/l3mdev/l3mdev.c:189)\n__inet_bind (net/ipv4/af_inet.c:499 (discriminator 3))\ninet_bind_sk (net/ipv4/af_inet.c:469)\n__sys_bind (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:1951 (discriminator 1))\n__x64_sys_bind (net/socket.c:1969 (discriminator 1) net/socket.c:1967 (discriminator 1) net/socket.c:1967 (discriminator 1))\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/vrf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"2c022f582fd16a470df6ed9e7fb7e9fc48946d49","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"468defa0b70902a22f4478c1207624bc1b31c124","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"3db8d078f7f652379ee394132b169d304f6eb4c1","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"8c2b792f04a3db97c9d8d2a45817e93f8884baf5","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"a7a97f2303e63ede105c1d55ef53dc497364e11d","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"d47204c127992da0c976ac9747070a575912e0fe","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"2674d603a9e6970463b2b9ebcf8e31e90beae169","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/vrf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.10.258","matchCriteriaId":"7FED9066-C252-4AA0-A5D6-7FDDC40E11A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2674d603a9e6970463b2b9ebcf8e31e90beae169","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c022f582fd16a470df6ed9e7fb7e9fc48946d49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3db8d078f7f652379ee394132b169d304f6eb4c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/468defa0b70902a22f4478c1207624bc1b31c124","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c2b792f04a3db97c9d8d2a45817e93f8884baf5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a7a97f2303e63ede105c1d55ef53dc497364e11d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d47204c127992da0c976ac9747070a575912e0fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52926","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.697","lastModified":"2026-07-08T15:28:58.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: clear current gateway during teardown\n\nbatadv_gw_node_free() removes the gateway list entries during mesh teardown,\nbut it does not clear the currently selected gateway. This leaves stale\ngateway state behind across cleanup and can break a later mesh recreation.\n\nClear bat_priv->gw.curr_gw before walking the gateway list so the selected\ngateway reference is dropped as part of teardown."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/gateway_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"a3f3f1ec8aad84c5dd386c430b9c61cddd85b18f","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"e2ec4c712d19141ca7bf7fbbb1d842f73abaa186","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"9a1a8ed4facfe843bde6fdfcf7af0e9923eb2e17","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"6de089b545db013433cf934bb4e4433dec2dd65f","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"30bda3ef4b0cac777f1a7c314cd08b8ff6437365","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"ae7aeb0ce3c0ebbe357ed525779acac197a18086","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"17e3a441111cd1a530cd6ee69a22f3161d80d810","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"a340a51ed801eab7bb454150c226323b865263cc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/gateway_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.258","matchCriteriaId":"B5F925AF-0571-45EB-B3C7-3046B450381F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17e3a441111cd1a530cd6ee69a22f3161d80d810","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30bda3ef4b0cac777f1a7c314cd08b8ff6437365","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6de089b545db013433cf934bb4e4433dec2dd65f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a1a8ed4facfe843bde6fdfcf7af0e9923eb2e17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a340a51ed801eab7bb454150c226323b865263cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3f3f1ec8aad84c5dd386c430b9c61cddd85b18f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae7aeb0ce3c0ebbe357ed525779acac197a18086","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2ec4c712d19141ca7bf7fbbb1d842f73abaa186","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52927","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.810","lastModified":"2026-07-08T15:28:53.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ebtables: fix OOB read in compat_mtw_from_user\n\nLuxiao Xu says:\n\n The function compat_mtw_from_user() converts ebtables extensions from\n 32-bit user structures to kernel native structures. However, it lacks\n proper validation of the user-supplied match_size/target_size.\n\n When certain extensions are processed, the kernel-side translation\n logic may perform memory accesses based on the extension's expected\n size. If the user provides a size smaller than what the extension\n requires, it results in an out-of-bounds read as reported by KASAN.\n\n This fix introduces a check to ensure match_size is at least as large\n as the extension's required compatsize. This covers matches, watchers,\n and targets, while maintaining compatibility with standard targets.\n\nAFAIU this is relevant for matches that need to go though\nmatch->compat_from_user() call.  Those that use plain memcpy with the\nuser-provided size are ok because the caller checks that size vs the\nstart of the next rule entry offset (which itself is checked vs. total\nsize copied from userspace).\n\nThe ->compat_from_user() callbacks assume they can read compatsize bytes,\nso they need this extra check.\n\nBased on an earlier patch from Luxiao Xu."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bridge/netfilter/ebtables.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"d7a8fb6f10d55a1c37b0bf8c20cca24dffd76e00","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"21af4c030567d2e6c89bb927bc18b51fba52a400","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"dad9ebf8107955bb54bd3f9cf22591b6ff37bac1","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"a27cb7325a6c69970041c7f8541fafed5a1ea3ec","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"7ad0e463fc7eafae2141cc38054264636f8b3e94","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"bf8e8eac7ede51dc318e06acef5a896dcbba7595","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"fcc4c043d137e7f1de4673dba1f3116e45377c67","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"f438d1786d657d57790c5d138d6db3fc9fdac392","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bridge/netfilter/ebtables.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.10.259","matchCriteriaId":"8EFA81C6-11F5-426B-A795-3F05B59387EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.35","matchCriteriaId":"0FCCB23A-7629-4386-93B6-B119237C4382"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21af4c030567d2e6c89bb927bc18b51fba52a400","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ad0e463fc7eafae2141cc38054264636f8b3e94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a27cb7325a6c69970041c7f8541fafed5a1ea3ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf8e8eac7ede51dc318e06acef5a896dcbba7595","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7a8fb6f10d55a1c37b0bf8c20cca24dffd76e00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dad9ebf8107955bb54bd3f9cf22591b6ff37bac1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f438d1786d657d57790c5d138d6db3fc9fdac392","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fcc4c043d137e7f1de4673dba1f3116e45377c67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52928","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.937","lastModified":"2026-07-08T15:28:47.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Reject SIOCATMARK on non-stream sockets\n\nSIOCATMARK reports whether the receive queue is at the urgent mark for\nMSG_OOB.\n\nIn AF_UNIX, MSG_OOB is supported only for SOCK_STREAM sockets.\nSOCK_DGRAM and SOCK_SEQPACKET reject MSG_OOB in sendmsg() and recvmsg(),\nso they should not support SIOCATMARK either.\n\nReturn -EOPNOTSUPP for non-stream sockets before checking the receive\nqueue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"ec123873fdc83e7244c8ed6d17b8f8ea6c416a67","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"f085971de6d6b8ef946a5e0bcd73ff24509a0f85","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"b741c9c6ef59f17c1f104ddf1217ef77f79ed29b","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"645b1ed3259af38b7814242a420bc2081bdd1eb6","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"c34c41446acf6c0d13b5b06c809be11e0f7f2729","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"3147ddf5a41c20c45c2eb69e00b62f10f822056a","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"d119775f2bad827edc28071c061fdd4a91f889a5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.211","matchCriteriaId":"43D10312-92C4-46B5-814B-F619CB272440"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144","matchCriteriaId":"C8AD3BC8-C843-423C-B9DB-CB52F67F578E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3147ddf5a41c20c45c2eb69e00b62f10f822056a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/645b1ed3259af38b7814242a420bc2081bdd1eb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b741c9c6ef59f17c1f104ddf1217ef77f79ed29b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c34c41446acf6c0d13b5b06c809be11e0f7f2729","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d119775f2bad827edc28071c061fdd4a91f889a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec123873fdc83e7244c8ed6d17b8f8ea6c416a67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f085971de6d6b8ef946a5e0bcd73ff24509a0f85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52929","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.040","lastModified":"2026-07-08T15:28:40.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: stream: fully roll back denied add-stream state\n\nWhen ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and\nthen lowers outcnt. That leaves removed stream metadata behind, so a\nlater re-add can reuse a stale ext and hit a null-pointer dereference in\nthe scheduler get path.\n\nFix the rollback by tearing down the removed stream state the same way\nother stream resizes do. Unschedule the current scheduler state, drop\nthe removed stream ext state with sctp_stream_outq_migrate(), and then\nreschedule the remaining streams.\n\nThis keeps scheduler-private RR/FC/PRIO lists consistent while fully\nrolling back denied outgoing stream additions."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sctp/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"a6724b7b812ac8793514a1d5938db5d9d29ae725","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"9662eb0401518f0b4681f10e7fbf688f504f24cf","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"7dd9a42b044aad2dbe037db1c1e2943582485b44","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"39dc2b0eb5371a669ebc9ec6072b9184eac95418","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"d5ea0b3e261fcb2cfff142675516165244cab1da","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"1c6773b8c081509dcd5cd2954f2b02c50c00f151","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"a5f8a90ac9f77c678a9781c0a464b635e0d63e49","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sctp/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.259","matchCriteriaId":"E2E6634B-DED7-40B3-A18B-2140A791419F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52930","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.157","lastModified":"2026-07-08T15:28:26.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipc/shm: serialize orphan cleanup with shm_nattch updates\n\nshm_destroy_orphaned() walks the shm idr under shm_ids(ns).rwsem, but that\ndoes not serialize all fields tested by shm_may_destroy().  In particular,\nshm_nattch is updated while holding shm_perm.lock, and attach paths can do\nthat without holding the rwsem.\n\nDo not decide that an orphaned segment is unused before taking the object\nlock.  Move the shm_may_destroy() check under shm_perm.lock, matching the\nother destroy paths, and unlock the segment when it no longer qualifies\nfor removal."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["ipc/shm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"b1e9aef48e4d8a0c1b54fb913077b0824ed7d650","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"92cda2593cf2ed25b0e9d78e5e6d8303bba1a064","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"1f0d01e35dbb228084d5187212e32c91a30dcbeb","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"6560be3f6a5bb84f006f184f0c966747bb58e1a3","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"b5107b4ce3ad45fcf369ee2058c8910620f4b5a8","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"db752ebfdaf2c7f27cd9690ef48b616af068319c","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"030bbc857bd51d4b25a90d931d3f8775ef22823a","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"2e5c6f4fd4001562781e99bbfc7f1f0127187542","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["ipc/shm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.259","matchCriteriaId":"F0425231-04DF-4E0A-A7EB-C92DB0EFA805"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/030bbc857bd51d4b25a90d931d3f8775ef22823a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f0d01e35dbb228084d5187212e32c91a30dcbeb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2e5c6f4fd4001562781e99bbfc7f1f0127187542","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6560be3f6a5bb84f006f184f0c966747bb58e1a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/92cda2593cf2ed25b0e9d78e5e6d8303bba1a064","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1e9aef48e4d8a0c1b54fb913077b0824ed7d650","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5107b4ce3ad45fcf369ee2058c8910620f4b5a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db752ebfdaf2c7f27cd9690ef48b616af068319c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52931","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.273","lastModified":"2026-07-08T15:28:16.203","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: tp_meter: avoid use of uninit sender vars\n\nbatadv_tp_recv_ack() and batadv_tp_stop() are only valid for tp_vars in the\nBATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it\nproceeds to read sender-only members that were never initialized, leading\nto undefined behavior.\n\nThis can be triggered when a node that is currently acting as a receiver in\nan ongoing tp_meter session receives a malicious ACK packet.\n\nGuard against this by checking tp_vars->role immediately after the\nlookup and bailing out if it is not BATADV_TP_SENDER, before any of\nthose members are accessed."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/tp_meter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"0e388af04b3958b178a1b979527f93eb46ea1fee","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"1a21c055f66e78973712a4a1be2a554f1ee2e4f4","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"9884c9c02d3c90e9215db3c5128f59045d20ae91","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"53f931e0146ae5bdab4cba302646827d06b3794b","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"ecdaa3e4d91040206afe21bc8a0d1198a0971ff3","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"dc2ae5fbd2dadc26735092f140b246841d969a11","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"85397e48afe6be83ffca5ad3f4792296bfc81d3d","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"6c65cf23d4c6170fcf5714c32aa64689718cb142","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/tp_meter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.258","matchCriteriaId":"1CA35684-7A23-48C2-8A06-2BD61F906C76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e388af04b3958b178a1b979527f93eb46ea1fee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1a21c055f66e78973712a4a1be2a554f1ee2e4f4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53f931e0146ae5bdab4cba302646827d06b3794b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c65cf23d4c6170fcf5714c32aa64689718cb142","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85397e48afe6be83ffca5ad3f4792296bfc81d3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9884c9c02d3c90e9215db3c5128f59045d20ae91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc2ae5fbd2dadc26735092f140b246841d969a11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecdaa3e4d91040206afe21bc8a0d1198a0971ff3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52932","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.390","lastModified":"2026-07-08T15:28:06.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: ipcomp: Free destination pages on acomp errors\n\nMove the out_free_req label up by a couple of lines so that the\nallocated dst SG list gets freed on error as well as success."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_ipcomp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eb2953d26971f3083bbf95de4bc997b5bedf0b6e","lessThan":"dc6dcba80d72a27ab61831ad3d253316e0c9b9d5","versionType":"git","status":"affected"},{"version":"eb2953d26971f3083bbf95de4bc997b5bedf0b6e","lessThan":"b30aa173c3809f6af4c83a86099be1be19aa48eb","versionType":"git","status":"affected"},{"version":"eb2953d26971f3083bbf95de4bc997b5bedf0b6e","lessThan":"7dbac7680eb629b3b4dc7e98c34f943b8814c0c8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_ipcomp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.35","matchCriteriaId":"264F6745-E680-4AA9-A01E-4F9E3E10F604"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7dbac7680eb629b3b4dc7e98c34f943b8814c0c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b30aa173c3809f6af4c83a86099be1be19aa48eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc6dcba80d72a27ab61831ad3d253316e0c9b9d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52933","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.480","lastModified":"2026-07-08T15:28:00.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: fix signed comparison in io_poll_get_ownership()\n\nio_poll_get_ownership() uses a signed comparison to check whether\npoll_refs has reached the threshold for the slowpath:\n\n    if (unlikely(atomic_read(&req->poll_refs) >= IO_POLL_REF_BIAS))\n\natomic_read() returns int (signed). When IO_POLL_CANCEL_FLAG\n(BIT(31)) is set in poll_refs, the value becomes negative in\nsigned arithmetic, so the >= 128 comparison always evaluates to\nfalse and the slowpath is never taken.\n\nFix this by casting the atomic_read() result to unsigned int\nbefore the comparison, so that the cancel flag is treated as a\nlarge positive value and correctly triggers the slowpath."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["io_uring/poll.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"81bf96b0abbfa4cd47ea32e12596aed3855fb2f3","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"cf522703d4f194991615763697ae25a3f9539763","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"fc47043f3d9af3efa407665b47f8378ec691ba18","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"ea0697129807d718037f618221037aa0660ee3c5","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"c6d191164dc81838d8dbf452a6000f68c558d1ae","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"326941b22806cbf2df1fbfe902b7908b368cce42","versionType":"git","status":"affected"},{"version":"4b702b7d11ce1b9d26fc6d7c5a7ef4ac1d455048","versionType":"git","status":"affected"},{"version":"bc4e6ee16778149811333a969a7a893d4cc110c5","versionType":"git","status":"affected"},{"version":"5.15.82","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"6.0.11","lessThan":"6.1","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["io_uring/poll.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.82","versionEndExcluding":"5.16","matchCriteriaId":"0CA7F6C7-DF61-4D29-ADBF-C4A79AAA85C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.11","versionEndExcluding":"6.1","matchCriteriaId":"5D80EA67-1B78-4B36-AE0D-92718B28A1C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.1","versionEndExcluding":"6.1.175","matchCriteriaId":"F8A015A3-130B-47F1-899B-AEDD0994D3D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*","matchCriteriaId":"DE093B34-F4CD-4052-8122-730D6537A91A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*","matchCriteriaId":"8535320E-A0DB-4277-800E-D0CE5BBA59E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*","matchCriteriaId":"21718AA4-4056-40F2-968E-BDAA465A7872"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/326941b22806cbf2df1fbfe902b7908b368cce42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81bf96b0abbfa4cd47ea32e12596aed3855fb2f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6d191164dc81838d8dbf452a6000f68c558d1ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf522703d4f194991615763697ae25a3f9539763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea0697129807d718037f618221037aa0660ee3c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc47043f3d9af3efa407665b47f8378ec691ba18","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53071","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:20.843","lastModified":"2026-07-08T13:16:53.650","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp\n\nl2cap_ecred_reconf_rsp() calls l2cap_chan_del() without holding\nl2cap_chan_lock(). Every other l2cap_chan_del() caller in the file\nacquires the lock first. A remote BLE device can send a crafted\nL2CAP ECRED reconfiguration response to corrupt the channel list\nwhile another thread is iterating it.\n\nAdd l2cap_chan_hold() and l2cap_chan_lock() before l2cap_chan_del(),\nand l2cap_chan_unlock() and l2cap_chan_put() after, matching the\npattern used in l2cap_ecred_conn_rsp() and l2cap_conn_del()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/l2cap_core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"96dca51715d86559ed6ed8028e5445cecb80f3ae","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"330b20ec97916961ee0e6c29c06bc0fa7c96e64c","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"0ccd75c51f620374086f359e906917676e699a1c","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"77a853aec710b2fdf41fa298ea3cbc9a4358f917","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"fe1188abdae9b7a8199dcdfcf9244d5e5d61eb14","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"dc89961b76f12aff47124c1df4bdb32a080f4d0c","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"5501d055a1ce3c747141e3955ba8cf034d193f3e","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"42776497cdbc9a665b384a6dcb85f0d4bd927eab","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/l2cap_core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ccd75c51f620374086f359e906917676e699a1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/330b20ec97916961ee0e6c29c06bc0fa7c96e64c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/42776497cdbc9a665b384a6dcb85f0d4bd927eab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5501d055a1ce3c747141e3955ba8cf034d193f3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/77a853aec710b2fdf41fa298ea3cbc9a4358f917","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/96dca51715d86559ed6ed8028e5445cecb80f3ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dc89961b76f12aff47124c1df4bdb32a080f4d0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fe1188abdae9b7a8199dcdfcf9244d5e5d61eb14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53071","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492458","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53071.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-53143","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.607","lastModified":"2026-07-08T14:43:56.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11\n\nThe v11 MQD manager incorrectly assigned the CP-compute variants of\ncheckpoint_mqd/restore_mqd for KFD_MQD_TYPE_SDMA queues. These functions\nuse sizeof(struct v11_compute_mqd) (2048 bytes) instead of sizeof(struct\nv11_sdma_mqd) (512 bytes), causing a 1536-byte overflow.\n\nDuring CRIU checkpoint of an SDMA queue on Navi3x:\n- checkpoint_mqd() reads 2048 bytes from a 512-byte SDMA MQD buffer,\n  leaking 1536 bytes of adjacent GTT memory to userspace\n\nDuring CRIU restore:\n- restore_mqd() writes 2048 bytes into a 512-byte SDMA MQD buffer,\n  corrupting 1536 bytes of adjacent GTT memory (often the ring buffer\n  or neighboring MQDs)\n\nThis is a copy-paste regression unique to v11. All other ASIC backends\n(cik, vi, v9, v10, v12) correctly use the SDMA-specific variants.\n\nAdd checkpoint_mqd_sdma() and restore_mqd_sdma() functions that properly\nhandle the smaller v11_sdma_mqd structure, matching the pattern used in\nother MQD managers.\n\n(cherry picked from commit 6fa41db7ffdec97d62433adf03b7b9b759af8c2c)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"16dad1fb0d783a4008de30e32d0038c393de05b1","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"2c5b66c9b4057b385566940935ebc32f6e6ebfd2","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"d3efcadfe3eea5b4263b8f2d4463b15c9fc46a64","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"d02f05d30f35b036f7cbaf72de634affb5b38ec6","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"352ea59028ea48a6fff77f19ae28f98f71946a80","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.6.143","matchCriteriaId":"83122EE5-06E7-4996-8D74-0522071B474D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/16dad1fb0d783a4008de30e32d0038c393de05b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c5b66c9b4057b385566940935ebc32f6e6ebfd2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/352ea59028ea48a6fff77f19ae28f98f71946a80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d02f05d30f35b036f7cbaf72de634affb5b38ec6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3efcadfe3eea5b4263b8f2d4463b15c9fc46a64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53143","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492719","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53143.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53145","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.810","lastModified":"2026-07-08T14:57:03.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Try to fix change_handle ioctl, attempt 4\n\n[airlied: just added some comments on how to reenable]\nOn-list because the cat is out of the bag and we're clearly not good\nenough to figure this out in private. The story thus far:\n\n5e28b7b94408 (\"drm: Set old handle to NULL before prime swap in\nchange_handle\") tried to fix a race condition between the gem_close and\ngem_change_handle ioctls, but got a few things wrong:\n\n- There's a confusion with the local variable handle, which is actually\n  the new handle, and so the two-stage trick was actually applied to the\n  wrong idr slot. 7164d78559b0 (\"drm/gem: fix race between\n  change_handle and handle_delete\") tried to fix that by adding yet\n  another code block, but forgot to add the error handling. Which meant\n  we now have two paths, both kinda wrong.\n\n- dc366607c41c (\"drm: Replace old pointer to new idr\") tried to apply\n  another fix, but inconsistently, again because of the handle confusion\n  - this would be the right fix (kinda, somewhat, it's a mess) if we'd\n  do the two-stage approach for the new handle. Except that wasn't the\n  intent of the original fix.\n\nWe also didn't have an igt merged for the original ioctl, which is a big\nno-go. This was attempted to address off-list in the original bugfix,\nand amd QA people claimed the bug was fixed now. Very clearly that's not\nthe case. Here's my attempt to sort this out:\n\n- Rename the local variable to new_handle, the old aliasing with\n  args->handle is just too dangerously confusing.\n\n- Merge the gem obj lookup with the two-stage idr_replace so that we\n  avoid getting ourselves confused there.\n\n- This means we don't have a surplus temporary reference anymore, only\n  an inherited from the idr. A concurrent gem_close on the new_handle\n  could steal that. Fix that with the same two-stage approach\n  create_tail uses. This is a bit overkill as documented in the comment,\n  but I also don't trust my ability to understand this all correctly, so\n  go with the established pattern we have from other ioctls instead for\n  maximum paranoia.\n\n- Adjust error paths. I've tried to make the error and success paths\n  common, because they are identical except for which handle is removed\n  and on which we call idr_replace to (re)install the object again. But\n  that made things messier to read, so I've left it at the more verbose\n  version, which unfortunately hides the symmetry in the entire code\n  flow a bit.\n\n- While at it, also replace the 7 space indent with 1 tab.\n\nAnd finally, because I flat out don't trust my abilities here at all\nanymore:\n\n- Disable the ioctl until we have the igt situation and everything else\n  sorted out on-list and with full consensus.\n\nv2:\n\nSashiko noticed that I didn't handle the error path for idr_replace\ncorrectly, it must be checked with IS_ERR_OR_NULL like in\ngem_handle_delete. So yeah, definitely should just the existing paths\n1:1 because this is endless amounts of tricky.\n\nAlso add the Fixes: line for the original ioctl, I forgot that too."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/drm_gem.c","drivers/gpu/drm/drm_ioctl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"672464dd53231509c9c771110798c56d4660e19e","lessThan":"c0639ede2f24ac224b2079cd35ecd5fd8ad4e3cd","versionType":"git","status":"affected"},{"version":"61bd96d3e5472c253f9c1ab77608f0c8aaa9d025","lessThan":"1d9b93df7fc768228906e24220591ec1cddad391","versionType":"git","status":"affected"},{"version":"5e28b7b94408897e41c63477aabc9e1db439bc8c","lessThan":"1a4f03d22fb655e5f192244fb2c87d8066fcfca2","versionType":"git","status":"affected"},{"version":"318b995cffcfcaa69a234d28123a3f4ae186a9df","versionType":"git","status":"affected"},{"version":"38f12d0e10d83b66fa1466400d876a3a8da31542","versionType":"git","status":"affected"},{"version":"0dfa42cfe4dbe114533480503934f43e33c1e83d","versionType":"git","status":"affected"},{"version":"cde2c9257cbe8463b9dcf7b1075177b72b5fd938","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/drm_gem.c","drivers/gpu/drm/drm_ioctl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18.32","lessThan":"6.18.36","versionType":"semver","status":"affected"},{"version":"7.0.9","lessThan":"7.0.13","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.32","versionEndExcluding":"6.18.36","matchCriteriaId":"31CD171B-DFD5-4D12-B633-B42F02ACBD80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.9","versionEndExcluding":"7.0.13","matchCriteriaId":"322D0AF5-A8BD-4FEE-82F7-1CCC7E7693B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a4f03d22fb655e5f192244fb2c87d8066fcfca2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1d9b93df7fc768228906e24220591ec1cddad391","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0639ede2f24ac224b2079cd35ecd5fd8ad4e3cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53145","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492773","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53145.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53148","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:32.140","lastModified":"2026-07-08T14:41:01.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Clamp XDomain response data copy to allocation size\n\ntb_xdp_properties_request() derives the per-packet copy length from\nthe response header without checking that it fits in the previously\nallocated data buffer.  A malicious peer can set its length field\nlarger than the declared data_length, causing memcpy to write past\nthe kcalloc allocation.\n\nClamp the per-packet copy length so that the cumulative offset\nnever exceeds data_len."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/thunderbolt/xdomain.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"0b334279a82d79fb4723bd4f614305de1ab69caa","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"6021d39ccd979713b39b980286020d8f9a45efd1","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"89ae04365e01d5ae4aae83044a8bbd2a9aaf8d0d","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"5db10c8ad8c09f72c847dfeef3d876098257f505","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"05a43157676c243c248d1c6d9dcecbe6eba2f35d","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"fcbd0cdab92838854a5818be7ed8a097164ef6d5","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"906035d5c3784570191d259cbf9a0ac1617852b5","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"322e93448d908434ae5545660fcbe8f5a7a8e141","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/thunderbolt/xdomain.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.259","matchCriteriaId":"E2E6634B-DED7-40B3-A18B-2140A791419F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05a43157676c243c248d1c6d9dcecbe6eba2f35d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0b334279a82d79fb4723bd4f614305de1ab69caa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/322e93448d908434ae5545660fcbe8f5a7a8e141","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5db10c8ad8c09f72c847dfeef3d876098257f505","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6021d39ccd979713b39b980286020d8f9a45efd1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/89ae04365e01d5ae4aae83044a8bbd2a9aaf8d0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/906035d5c3784570191d259cbf9a0ac1617852b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fcbd0cdab92838854a5818be7ed8a097164ef6d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53148","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492756","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53148.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53153","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:32.680","lastModified":"2026-07-08T13:51:05.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/list_lru: drain before clearing xarray entry on reparent\n\nmemcg_reparent_list_lrus() clears the dying memcg's xarray entry with\nxas_store(&xas, NULL) before reparenting its per-node lists into the\nparent.  This opens a window where a concurrent list_lru_del() arriving\nfor the dying memcg sees xa_load() == NULL, walks to the parent in\nlock_list_lru_of_memcg(), takes the parent's per-node lock, and calls\nlist_del_init() on an item still physically linked on the dying memcg's\nlist.\n\nIf another in-flight thread holds the dying memcg's per-node lock at the\nsame moment (another list_lru_del, or a list_lru_walk_one running an\nisolate callback), both threads modify ->next/->prev pointers on the same\nphysical list under different locks.  Adjacent items can corrupt each\nother's links.\n\nFix it by reversing the order: reparent each per-node list and mark the\nchild's list lru dead and then clear the xarray entry.  Any concurrent\nlist_lru op that finds the still-set xarray entry either takes the dying\nmemcg's per-node lock (synchronizing with the drain) or sees LONG_MIN and\nwalks to the parent, where the items now live."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/list_lru.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fb56fdf8b9a2f7397f8a83dce50189f3f0cf71af","lessThan":"c19ff4351214f059349788e13e70e74325831ff6","versionType":"git","status":"affected"},{"version":"fb56fdf8b9a2f7397f8a83dce50189f3f0cf71af","lessThan":"2b66496d794e98f7aeec7688573051f22ec40bac","versionType":"git","status":"affected"},{"version":"fb56fdf8b9a2f7397f8a83dce50189f3f0cf71af","lessThan":"98733f3f0becb1ae0701d021c1748e974e5fa55c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/list_lru.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-820"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b66496d794e98f7aeec7688573051f22ec40bac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/98733f3f0becb1ae0701d021c1748e974e5fa55c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c19ff4351214f059349788e13e70e74325831ff6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53153","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492790","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53153.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53236","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.493","lastModified":"2026-07-08T13:20:37.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: restrict SO_ATTACH_FILTER to priv users\n\nThis patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets\nto users with CAP_NET_ADMIN capability.\n\nThis blocks potential side-channel attack where an unprivileged application\nattaches a filter to leak TCP sequence/acknowledgment numbers."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"3747de241a66ef2c7032d2cc2b826a47c5fa0f6a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ecfe9171b26ae3eed0cd8bab7a943e9e2c9e51ba","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"82b3e7ce10c53fc12aab8904745603efc74f8c07","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ede69b8f6670600e534591664584f810d7c385f9","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c68517a3e18e20997808821c5559d0cba4d776c1","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5d39580f68e6ddeedd15e587282207489dfb3da2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"6.1.176","matchCriteriaId":"82D831C2-08D3-43F5-A6A7-F4B9A5A9B631"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3747de241a66ef2c7032d2cc2b826a47c5fa0f6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d39580f68e6ddeedd15e587282207489dfb3da2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82b3e7ce10c53fc12aab8904745603efc74f8c07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c68517a3e18e20997808821c5559d0cba4d776c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecfe9171b26ae3eed0cd8bab7a943e9e2c9e51ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ede69b8f6670600e534591664584f810d7c385f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53237","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.597","lastModified":"2026-07-08T13:13:22.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix NULL pointer dereference in suspend/resume\n\nmvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO\nbanks during suspend/resume, but not all banks have PWM functionality.\nGPIO banks without PWM have mvchip->mvpwm set to NULL.\n\nCalling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer\ndereference when it tries to access mvpwm->blink_select.\n\n  Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write\n  [00000020] *pgd=00000000\n  Internal error: Oops: 815 [#1] PREEMPT ARM\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353\n  Hardware name: Marvell Armada 370/XP (Device Tree)\n  PC is at regmap_mmio_read+0x38/0x54\n  LR is at regmap_mmio_read+0x38/0x54\n  pc : [<c05fd2ac>]    lr : [<c05fd2ac>]    psr: 200f0013\n  sp : f0c11d10  ip : 00000000  fp : c100d2f0\n  r10: c14fb854  r9 : 00000000  r8 : 00000000\n  r7 : c1799c00  r6 : 00000020  r5 : 00000020  r4 : c179c7c0\n  r3 : f0a231a0  r2 : 00000020  r1 : 00000020  r0 : 00000000\n  Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\n  Control: 10c5387d  Table: 135ec059  DAC: 00000051\n  Call trace:\n   regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac\n   _regmap_bus_reg_read from _regmap_read+0x60/0x154\n   _regmap_read from regmap_read+0x3c/0x60\n   regmap_read from mvebu_gpio_suspend+0xa4/0x14c\n   mvebu_gpio_suspend from dpm_run_callback+0x54/0x180\n   dpm_run_callback from device_suspend+0x124/0x630\n   device_suspend from dpm_suspend+0x124/0x270\n   dpm_suspend from dpm_suspend_start+0x64/0x6c\n   dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8\n   suspend_devices_and_enter from pm_suspend+0x2fc/0x308\n   pm_suspend from state_store+0x6c/0xc8\n   state_store from kernfs_fop_write_iter+0x10c/0x1f8\n   kernfs_fop_write_iter from vfs_write+0x270/0x468\n   vfs_write from ksys_write+0x70/0xf0\n   ksys_write from ret_fast_syscall+0x0/0x54\n\nAdd a NULL check for mvchip->mvpwm before calling the PWM\nsuspend/resume functions."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpio/gpio-mvebu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"7db09011ce62162d72897fc4856b4425245dfe35","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"4ef24338eda3c7e96d6f94a988266ff16ed3985d","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"6136c1474db88272231573e222896e1998d34662","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"c9677a9274ffb44987ec209dc8ec9f2d34946956","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"b9ad50d7505ebd48282ec3630258dc820fc85c81","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpio/gpio-mvebu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.6.143","matchCriteriaId":"5A633716-C5E6-4EC9-BEBD-D8A0818C7F95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4ef24338eda3c7e96d6f94a988266ff16ed3985d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6136c1474db88272231573e222896e1998d34662","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7db09011ce62162d72897fc4856b4425245dfe35","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9ad50d7505ebd48282ec3630258dc820fc85c81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9677a9274ffb44987ec209dc8ec9f2d34946956","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53238","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.713","lastModified":"2026-07-08T13:12:15.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: validate unlabeled address and mask attribute lengths\n\nnetlbl_unlabel_addrinfo_get() used the address attribute length to\ndetermine whether the attribute data could be read as an IPv4 or IPv6\naddress, but did not independently validate the corresponding mask\nattribute length.  A crafted Generic Netlink request could therefore\nprovide a valid IPv4/IPv6 address attribute with a shorter mask\nattribute, which would later be read as a full struct in_addr or\nstruct in6_addr.\n\nNLA_BINARY policy lengths are maximum lengths by default, so use\nNLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask\nattributes.  This rejects short attributes during policy validation and\nalso exposes the exact length requirements through policy introspection."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netlabel/netlabel_unlabeled.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"975a84fd741440853380d37465b6e226cf47254c","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"672f0f3b8f875ffe6525a37847eafa7648c4c0c6","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"95bda3eac0b1454c2cee98d58d9ba6dd8391e843","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"07a18f5c90dd3d586b73242f5a5bbf0a72f2fdc6","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"71c52da13c3737493b42d20d9f33de34e03b3156","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"0c4bb32ad7fdc2dc6a8050f41eb04d4bda56b6c8","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"ccfe292a966079c61ea68a2da303b2a336170993","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"9772589b57e44aedc240211c5c3f7a684a034d3a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netlabel/netlabel_unlabeled.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.10.259","matchCriteriaId":"3D7B1C25-B15B-469B-86ED-C02BFEC9F0DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/07a18f5c90dd3d586b73242f5a5bbf0a72f2fdc6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0c4bb32ad7fdc2dc6a8050f41eb04d4bda56b6c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/672f0f3b8f875ffe6525a37847eafa7648c4c0c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71c52da13c3737493b42d20d9f33de34e03b3156","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95bda3eac0b1454c2cee98d58d9ba6dd8391e843","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/975a84fd741440853380d37465b6e226cf47254c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9772589b57e44aedc240211c5c3f7a684a034d3a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ccfe292a966079c61ea68a2da303b2a336170993","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53239","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.840","lastModified":"2026-07-08T13:06:06.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()\n\nFix the race by pruning the bin while still holding xfrm_policy_lock,\nbefore dropping it. Use __xfrm_policy_inexact_prune_bin() directly since\nthe lock is already held. The wrapper xfrm_policy_inexact_prune_bin()\nbecomes unused and is removed.\n\nRace:\n\n  CPU0 (XFRM_MSG_DELPOLICY)           CPU1 (XFRM_MSG_NEWSPDINFO)\n  ==========================          ==========================\n  xfrm_policy_bysel_ctx():\n    spin_lock_bh(xfrm_policy_lock)\n    bin = xfrm_policy_inexact_lookup()\n    __xfrm_policy_unlink(pol)\n    spin_unlock_bh(xfrm_policy_lock)\n    xfrm_policy_kill(ret)\n    // wide window, lock not held\n                                       xfrm_hash_rebuild():\n                                         spin_lock_bh(xfrm_policy_lock)\n                                         __xfrm_policy_inexact_flush():\n                                           kfree_rcu(bin)  // bin freed\n                                         spin_unlock_bh(xfrm_policy_lock)\n    xfrm_policy_inexact_prune_bin(bin)\n    // UAF: bin is freed"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_policy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"8fc536e9f6856230f19c7d13e71af064b6a77b22","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"c4c1ea36d83bf3c4569468ca5b8b614fda1bf821","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"25c8c7fb3b0b9668c7d05e209f58c158d2b020c7","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"42827d03f8009a6a218bacab153e21f39d6a121c","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"88697cf980222d5906a37bf47662dac0732e2a0f","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"b5316e2b8614a87d8736941972441cb47bfd4491","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"ec82ea4eb220164d854f8734ca5a35e23e577b94","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"7f2d76c9c03257c0782afef9d95321fa04096f60","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_policy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.259","matchCriteriaId":"1A9E792C-DB8D-45E1-BA0E-FADA558D6B15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/25c8c7fb3b0b9668c7d05e209f58c158d2b020c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/42827d03f8009a6a218bacab153e21f39d6a121c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f2d76c9c03257c0782afef9d95321fa04096f60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/88697cf980222d5906a37bf47662dac0732e2a0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fc536e9f6856230f19c7d13e71af064b6a77b22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5316e2b8614a87d8736941972441cb47bfd4491","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4c1ea36d83bf3c4569468ca5b8b614fda1bf821","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec82ea4eb220164d854f8734ca5a35e23e577b94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53240","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.960","lastModified":"2026-07-08T13:05:31.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: fix use-after-free on first_skb in __input_process_payload\n\n__input_process_payload() stores first_skb into xtfs->ra_newskb under\ndrop_lock when starting partial reassembly, then unlocks and breaks out\nof the processing loop. The post-loop check reads xtfs->ra_newskb\nwithout the lock to decide whether first_skb is still owned:\n\n    if (first_skb && first_iplen && !defer && first_skb != xtfs->ra_newskb)\n\nBetween spin_unlock and this read, a concurrent CPU running\niptfs_reassem_cont() (or the drop_timer hrtimer) can complete\nreassembly, NULL xtfs->ra_newskb, and free the skb. The check then\nevaluates first_skb != NULL as true, and pskb_trim/ip_summed/consume_skb\noperate on the freed skb — a use-after-free in skbuff_head_cache.\n\nReplace the unlocked read with a local bool that records whether\nfirst_skb was handed to the reassembly state in the current call. The\nflag is set after the existing spin_unlock, before the break, using the\npointer equality that is stable at that point (first_skb == skb iff\nfirst_skb was stored in ra_newskb)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_iptfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3f3339885fb343b7b42d7c34717108ce07da24ae","lessThan":"8d9a79fbf5172d9c4c0146057af2360913265a11","versionType":"git","status":"affected"},{"version":"3f3339885fb343b7b42d7c34717108ce07da24ae","lessThan":"ff2ee35b6ce5fa8a8e24ea50b15733d5c8780198","versionType":"git","status":"affected"},{"version":"3f3339885fb343b7b42d7c34717108ce07da24ae","lessThan":"eb48730bb827d1550401a5d391903f9d90b493c8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_iptfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.36","matchCriteriaId":"F44E71B4-36C2-4FDD-9239-2EEBD641A1C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8d9a79fbf5172d9c4c0146057af2360913265a11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb48730bb827d1550401a5d391903f9d90b493c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff2ee35b6ce5fa8a8e24ea50b15733d5c8780198","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53250","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:42.960","lastModified":"2026-07-08T13:04:07.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()\n\nThe TX metadata area resides in the UMEM buffer which is memory-mapped\nand concurrently writable by userspace. In xsk_skb_metadata(),\ncsum_start and csum_offset are read from shared memory for bounds\nvalidation, then read again for skb assignment. A malicious userspace\napplication can race to overwrite these values between the two reads,\nbypassing the bounds check and causing out-of-bounds memory access\nduring checksum computation in the transmit path.\n\nFix this by reading csum_start and csum_offset into local variables\nonce, then using the local copies for both validation and assignment.\n\nNote that other metadata fields (flags, launch_time) and the cached\ncsum fields may be mutually inconsistent due to concurrent userspace\nwrites, but this is benign: the only security-critical invariant is\nthat each field's validated value is the same one used, which local\ncaching guarantees."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xdp/xsk.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"48eb03dd26304c24f03bdbb9382e89c8564e71df","lessThan":"0dfe05b938435892875e07771170051346412df9","versionType":"git","status":"affected"},{"version":"48eb03dd26304c24f03bdbb9382e89c8564e71df","lessThan":"bfdfd2706d5fb2cd496a1506e680daf979309c8b","versionType":"git","status":"affected"},{"version":"48eb03dd26304c24f03bdbb9382e89c8564e71df","lessThan":"22ba97ea9cc1f63a0d0244fae38057ed452b6ac7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xdp/xsk.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.18.36","matchCriteriaId":"D3538284-FFD4-4105-A79C-901B10A64A4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0dfe05b938435892875e07771170051346412df9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22ba97ea9cc1f63a0d0244fae38057ed452b6ac7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfdfd2706d5fb2cd496a1506e680daf979309c8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53260","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.993","lastModified":"2026-07-08T15:25:49.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().\n\nsyzbot reported a weird reqsk->rsk_refcnt underflow in\n__inet_csk_reqsk_queue_drop().\n\nThe captured reqsk_put() in __inet_csk_reqsk_queue_drop()\nis called only when it successfully removes reqsk from ehash.\n\nMoreover, reqsk_timer_handler() calls another reqsk_put()\nafter that.\n\nThis indicates that the reqsk was missing both refcnts for\nehash and the timer itself.\n\nSince all the syzbot reports had PREEMPT_RT enabled, the only\npossible scenario is that reqsk_queue_hash_req() is preempted\nafter mod_timer() and before refcount_set(), and then the timer\ntriggered after 1s aborts the reqsk due to its listener's close().\n\nLet's wrap mod_timer() and refcount_set() with\npreempt_disable_nested() and preempt_enable_nested().\n\nNote that inet_ehash_insert() holds the normal spin_lock()\n(mutex in PREEMPT_RT), so it must be called outside of\npreempt_disable_nested(), but this is fine.\n\nThe lookup path just ignores 0 sk_refcnt entries in ehash\nand tries to create another reqsk, but this will fail at\ninet_ehash_insert().\n\n[0]:\nrefcount_t: underflow; use-after-free.\nWARNING: lib/refcount.c:28 at refcount_warn_saturate+0xb2/0x110 lib/refcount.c:28, CPU#0: ktimers/0/16\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026\nRIP: 0010:refcount_warn_saturate+0xb2/0x110 lib/refcount.c:28\nCode: e4 7d d1 0a 67 48 0f b9 3a eb 4a e8 38 3d 23 fd 48 8d 3d e1 7d d1 0a 67 48 0f b9 3a eb 37 e8 25 3d 23 fd 48 8d 3d de 7d d1 0a <67> 48 0f b9 3a eb 24 e8 12 3d 23 fd 48 8d 3d db 7d d1 0a 67 48 0f\nRSP: 0000:ffffc90000157948 EFLAGS: 00010246\nRAX: ffffffff84a1301b RBX: 0000000000000003 RCX: ffff88801ca98000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffffff8f72ae00\nRBP: ffffffff99ae3b01 R08: ffff88801ca98000 R09: 0000000000000005\nR10: 0000000000000100 R11: 0000000000000004 R12: ffff8880425ef568\nR13: ffff8880425ef4f8 R14: ffff8880425ef578 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff888126386000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7b46710e9c CR3: 000000000dbb6000 CR4: 00000000003526f0\nCall Trace:\n <TASK>\n __refcount_sub_and_test include/linux/refcount.h:400 [inline]\n __refcount_dec_and_test include/linux/refcount.h:432 [inline]\n refcount_dec_and_test include/linux/refcount.h:450 [inline]\n reqsk_put include/net/request_sock.h:136 [inline]\n __inet_csk_reqsk_queue_drop+0x3ce/0x440 net/ipv4/inet_connection_sock.c:1007\n reqsk_timer_handler+0x651/0xdf0 net/ipv4/inet_connection_sock.c:1137\n call_timer_fn+0x192/0x5e0 kernel/time/timer.c:1748\n expire_timers kernel/time/timer.c:1799 [inline]\n __run_timers kernel/time/timer.c:2374 [inline]\n __run_timer_base+0x6a3/0x9f0 kernel/time/timer.c:2386\n run_timer_base kernel/time/timer.c:2395 [inline]\n run_timer_softirq+0x67/0x170 kernel/time/timer.c:2403\n handle_softirqs+0x1de/0x6d0 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0x69/0x100 kernel/softirq.c:1151\n smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160\n kthread+0x388/0x470 kernel/kthread.c:436\n ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n </TASK>"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv4/inet_connection_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d2d6422f8bd17c6bb205133e290625a564194496","lessThan":"b183215ff714efb747d9d5a429322ba6404b5401","versionType":"git","status":"affected"},{"version":"d2d6422f8bd17c6bb205133e290625a564194496","lessThan":"e10902df24488ca722303133acfc82490f7d59ad","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv4/inet_connection_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"7.0.13","matchCriteriaId":"5F7CA1CD-70DF-41F4-8C32-AFEA390C118F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b183215ff714efb747d9d5a429322ba6404b5401","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e10902df24488ca722303133acfc82490f7d59ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53261","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:44.100","lastModified":"2026-07-08T15:17:32.770","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: Release nested relation on devlink free\n\ndevlink relation state is normally released from devl_unregister(), which\ncalls devlink_rel_put(). This misses devlink instances that get a nested\nrelation before registration and then fail probe before devl_register() is\nreached.\n\nThat flow can happen for SFs. The child devlink gets linked to its\nparent before registration, then a later probe error calls devlink_free()\ndirectly. Since the instance was never registered, devl_unregister() is not\ncalled and devlink->rel is leaked.\n\nRelease any pending relation from devlink_free() as well. The registered\npath is unchanged because devl_unregister() already clears devlink->rel\nbefore devlink_free() runs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/devlink/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"a9137286884703113b1c9e6403bd6d7d97b14754","versionType":"git","status":"affected"},{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"927f96861f939c0b517d13ed27bf4fabbfc1cfb3","versionType":"git","status":"affected"},{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"11324d52b0c63f4f202b35793c6507a575e9a689","versionType":"git","status":"affected"},{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"3522b21fd7e1863d0734537737bd59f1b90d0190","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/devlink/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11324d52b0c63f4f202b35793c6507a575e9a689","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3522b21fd7e1863d0734537737bd59f1b90d0190","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/927f96861f939c0b517d13ed27bf4fabbfc1cfb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9137286884703113b1c9e6403bd6d7d97b14754","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53262","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:44.190","lastModified":"2026-07-08T15:15:55.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()\n\npppol2tp_ioctl() read sock->sk->sk_user_data directly without any\nlocks or reference counting.  If a controllable sleep was induced during\ncopy_from_user() (e.g. via a userfaultfd page fault sleep), a concurrent\nsocket close could trigger pppol2tp_session_close() asynchronously.  This\nfrees the l2tp_session structure via the l2tp_session_del_work workqueue.\nUpon resuming, the ioctl thread dereferences the stale session pointer,\nresulting in a Use-After-Free (UAF).\n\nFix this by securely fetching the session reference using the RCU-safe,\nrefcounted helper pppol2tp_sock_to_session(sk) on entry.  This locks the\nsession's refcount across the sleep.  We structured the function to exit\nvia standard err breaks, guaranteeing that l2tp_session_put() is cleanly\ncalled on all return paths to drop the reference.\n\nTo preserve existing behavior we validate the session and its magic\nsignature only for the specific L2TP commands that require it.  This\nensures that generic/unknown ioctls called on an unconnected socket\nstill return -ENOIOCTLCMD and correctly fall back to generic handlers\n(e.g. in sock_do_ioctl())."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/l2tp/l2tp_ppp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"78cdfdca88cbf731a92f3b9ee5427c633dd94e28","versionType":"git","status":"affected"},{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"e251d4cdfc725c9e7d686161e3b775a0e7d95053","versionType":"git","status":"affected"},{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"62f327e287cf7b595ae3f73ba72f5cd2a9e9f39f","versionType":"git","status":"affected"},{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"a213a8950414c684999dcf03edeea6c46ede172e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/l2tp/l2tp_ppp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.35","status":"affected"},{"version":"0","lessThan":"2.6.35","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"6.12.94","matchCriteriaId":"8E092CDC-D238-443D-B52B-C57704BE09B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/62f327e287cf7b595ae3f73ba72f5cd2a9e9f39f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78cdfdca88cbf731a92f3b9ee5427c633dd94e28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a213a8950414c684999dcf03edeea6c46ede172e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e251d4cdfc725c9e7d686161e3b775a0e7d95053","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-56290","sourceIdentifier":"security@joomla.org","published":"2026-06-29T15:16:42.360","lastModified":"2026-07-08T13:37:08.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomlack.fr","product":"JoomlaCK.fr Page Builder CK extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-3.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T00:00:00+00:00","id":"CVE-2026-56290","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Joomlack Page Builder Improper Access Control Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomlack:page_builder_ck:*:*:*:*:*:joomla\\!:*:*","versionEndExcluding":"3.6.0","matchCriteriaId":"5181215D-DF24-47CA-B49B-23BCB55C1C60"}]}]}],"references":[{"url":"https://www.joomlack.fr/","source":"security@joomla.org","tags":["Product"]},{"url":"https://forum.joomlack.fr/index.php/page-builder-ck/21627-nouvelle-version-de-pbck-et-joomla-3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch"]},{"url":"https://mysites.guru/blog/pagebuilderck-unauthenticated-file-upload-rce/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56290","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-13149","sourceIdentifier":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","published":"2026-06-30T10:16:34.560","lastModified":"2026-07-08T12:17:20.087","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand(), directly or transitively, can cause significant CPU consumption and event-loop blocking. The max option does not mitigate this, as it bounds the output size rather than the recursion work."}],"affected":[{"source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","affectedData":[{"vendor":"juliangruber","product":"brace-expansion","defaultStatus":"unaffected","collectionURL":"https://registry.npmjs.org","packageName":"brace-expansion","repo":"https://github.com/juliangruber/brace-expansion","versions":[{"version":"0","lessThanOrEqual":"5.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T12:43:12.568372Z","id":"CVE-2026-13149","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/juliangruber/brace-expansion/commit/c7e33ec13ac1a684c116720843ce24e208611754","source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df"},{"url":"https://www.npmjs.com/package/brace-expansion","source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df"}]}},{"cve":{"id":"CVE-2026-48282","sourceIdentifier":"psirt@adobe.com","published":"2026-06-30T16:16:54.533","lastModified":"2026-07-08T14:58:28.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"ColdFusion","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2023.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T00:00:00+00:00","id":"CVE-2026-48282","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Adobe ColdFusion Path Traversal Vulnerability","weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*","matchCriteriaId":"B02A37FE-5D31-4892-A3E6-156A8FE62D28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*","matchCriteriaId":"0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*","matchCriteriaId":"645D1B5F-2DAB-4AB8-A465-AC37FF494F95"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*","matchCriteriaId":"ED6D8996-0770-4C9F-BEA5-87EA479D40A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*","matchCriteriaId":"4836086E-3D4A-4A07-A372-382D385CB490"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*","matchCriteriaId":"CBC19168-4184-4B59-B9C8-E98844124EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*","matchCriteriaId":"A60DCD92-9A5B-411C-9554-642C91D77FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*","matchCriteriaId":"58CC65EF-60A3-4DFA-AA51-E5013F116CEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*","matchCriteriaId":"2E3EBFB1-4488-4924-A2E2-B7E422D68345"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:*","matchCriteriaId":"A683F9B2-A0DC-4AA0-BE97-9E74FA200AB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:*","matchCriteriaId":"8689F35F-9A81-45D2-B782-DBA12306BA45"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:*","matchCriteriaId":"5FAA5985-4B25-46C5-8064-0713AB251704"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*","matchCriteriaId":"EB88D4FE-5496-4639-BAF2-9F29F24ABF29"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:*","matchCriteriaId":"9E3884AF-7A1A-4604-B653-6694B7BD1E86"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*","matchCriteriaId":"43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*","matchCriteriaId":"76204873-C6E0-4202-8A03-0773270F1802"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*","matchCriteriaId":"C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*","matchCriteriaId":"E3A83642-BF14-4C37-BD94-FA76AABE8ADC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*","matchCriteriaId":"A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*","matchCriteriaId":"DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*","matchCriteriaId":"E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*","matchCriteriaId":"30779417-D4E5-4A01-BE0E-1CE1D134292A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*","matchCriteriaId":"80D7FC6A-F264-4CB1-A18D-B091EBA47882"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*","matchCriteriaId":"E3DA0D20-93BA-4C76-A400-159853CD7277"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*","matchCriteriaId":"5BAB6F21-61F1-43AB-88BA-553CD9AD6C0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*","matchCriteriaId":"C85288B9-5D63-49EA-828A-8DB3BB2367F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:*","matchCriteriaId":"3882A011-5A01-48E7-B5E7-5A837B1CE245"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:*","matchCriteriaId":"AACCE621-3380-4144-BA1B-AA26FE96B902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:*","matchCriteriaId":"EBC62370-3FA2-4AF7-A201-4155D09051F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:*","matchCriteriaId":"D7616F34-9422-4815-806F-4484F68ED2A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:*","matchCriteriaId":"FB078BC9-164F-46D0-99F8-086F93FF2046"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48282","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-58467","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:06.733","lastModified":"2026-07-08T14:17:19.517","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. Attackers can inject dot-dot sequences into the URL to traverse outside the designated spaces directory, and when the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"cockpit-hq","product":"cockpit","defaultStatus":"affected","repo":"https://github.com/cockpit-hq/cockpit","versions":[{"version":"0","lessThanOrEqual":"2.14.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:21:37.199759Z","id":"CVE-2026-58467","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/cockpit.md","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cockpit-cms-path-traversal-local-file-inclusion-via-index-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-47896","sourceIdentifier":"security@apache.org","published":"2026-07-03T09:16:37.397","lastModified":"2026-07-08T15:04:21.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library).\n\nThis issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017.\n\nUsers are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Lucene.Net","defaultStatus":"unaffected","collectionURL":"https://www.nuget.org","packageName":"Lucene.Net.Replicator","versions":[{"version":"4.8.0-beta00005","lessThan":"4.8.0-beta00018","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:L/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:30:40.261299Z","id":"CVE-2026-47896","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*","matchCriteriaId":"79E25A9C-01FC-44B3-9A5E-F5E1D3CFADD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*","matchCriteriaId":"7553B675-B9BE-4969-81F4-0757F91478CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*","matchCriteriaId":"1405236D-970D-4879-A98C-87693C758494"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*","matchCriteriaId":"07188547-C926-4937-87E9-23546E2EABFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*","matchCriteriaId":"74865A6E-42F5-4C8E-9159-63240AE55BAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*","matchCriteriaId":"EC844BB8-F736-4DFD-9410-E45558F112B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*","matchCriteriaId":"C4FB017B-3FE4-4272-AB5C-292F4833BD81"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*","matchCriteriaId":"5882F11D-D145-46D3-8740-D4336E34F323"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*","matchCriteriaId":"24AD241C-97F8-4F93-811C-99E707E2B0E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*","matchCriteriaId":"2E363C64-EE85-4302-8D26-71B11D8B9B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*","matchCriteriaId":"FB9EB424-2545-4B57-8284-68AD0E57A92A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*","matchCriteriaId":"B8B783C0-35FD-433D-A597-3B2B3B5E190A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00017:*:*:*:*:*:*","matchCriteriaId":"F46E0873-4467-44E8-A8EF-FB805DDF512B"}]}]}],"references":[{"url":"https://lists.apache.org/thread/7y9gbt17p55fh1zltks4pnh719wq9sqt","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/03/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12481","sourceIdentifier":"security@huntr.dev","published":"2026-07-03T21:16:54.737","lastModified":"2026-07-08T15:01:47.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"keras-team","product":"keras-team/keras","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:15:34.297007Z","id":"CVE-2026-12481","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keras:keras:3.14.0:*:*:*:*:*:*:*","matchCriteriaId":"5AB5B43D-0D41-4CBB-97B5-F5FE10D56689"}]}]}],"references":[{"url":"https://huntr.com/bounties/59ceaed1-c8a3-4135-8f94-169ade02823d","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/59ceaed1-c8a3-4135-8f94-169ade02823d","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12252","sourceIdentifier":"security@huntr.dev","published":"2026-07-04T02:16:23.603","lastModified":"2026-07-08T15:01:20.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute them via the `java()` function, which invokes `subprocess.Popen()` without integrity verification. This vulnerability is identical to CVE-2026-0848, which was fixed for StanfordSegmenter by adding SHA256 verification. However, the fix was not applied to these additional classes, leaving them susceptible to arbitrary code execution when loading untrusted JAR files."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"nltk","product":"nltk/nltk","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:32:42.979501Z","id":"CVE-2026-12252","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*","versionEndIncluding":"3.9.3","matchCriteriaId":"E3C35863-7D82-4EEF-BDE8-E94C559CF4FB"}]}]}],"references":[{"url":"https://huntr.com/bounties/f5c93982-0cc9-4e2e-bb85-1b6ab29a2efb","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/f5c93982-0cc9-4e2e-bb85-1b6ab29a2efb","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-10656","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-07-05T23:16:52.730","lastModified":"2026-07-08T14:59:33.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The MAX32xxx USB device controller driver (drivers/usb/udc/udc_max32.c, compatible adi_max32_usbhs) dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udc_event_xfer_out_done() called net_buf_add(buf, ep_request->actlen) immediately after buf = udc_buf_get(ep_cfg), where udc_buf_get() returns NULL when the endpoint FIFO is empty. A transfer-completion event is queued from interrupt context and processed asynchronously by the driver thread; between queuing and processing, the endpoint FIFO can be drained by host-controlled control flow — in particular udc_setup_received() drains the EP0 OUT/IN FIFOs whenever a new SETUP packet arrives, and dequeue/disable/purge paths drain it likewise. A USB host that aborts an in-flight EP0 control transfer with a new SETUP packet (legal USB behavior) can therefore cause a stale XFER_OUT_DONE event to be processed against an empty FIFO, producing net_buf_add(NULL, ...), a near-NULL pointer dereference that faults and crashes the device. No authentication is required; the attacker is the USB host the device is connected to (physical bus access). Impact is denial of service (device crash). The defect was introduced when the MAX32 UDC driver was added and shipped in Zephyr v4.4.0. The fix adds NULL-buffer checks that return early with UDC_EVT_ERROR/-ENOBUFS in both the OUT-done and IN-done handlers."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","versions":[{"version":"4.2.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:52:25.573518Z","id":"CVE-2026-10656","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.4.0","matchCriteriaId":"2333543A-2859-4C85-906B-FF6DBE95A355"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/a0d8f786559355fb3b38e34799e1ae491ba9545c","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-58p9-6mjq-rf2m","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10657","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-07-05T23:16:52.863","lastModified":"2026-07-08T14:55:01.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr's DNS resolver detects mDNS (.local) queries in dns_resolve_name_internal() (subsys/net/lib/dns/resolve.c) with memcmp(strrchr(query, '.'), \".local\", 7), which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes (e.g. names ending in .org, .com, .net, .io, or a trailing dot), the comparison reads 1-2 bytes past the string's NUL terminator. The hostname (query) is the caller-supplied name passed through the standard getaddrinfo()/dns_get_addr_info()/dns_resolve_name() path and is influenceable by operators or remote inputs (server names from configuration, parsed URLs, or app-facing interfaces). On a tightly-sized buffer with no slack (for example a userspace getaddrinfo call where the hostname is copied with k_usermode_string_alloc_copy to exactly strlen+1 bytes), the over-read crosses the allocation boundary; if that boundary is unmapped (guard page, memory-domain boundary under MPU, or an address sanitizer) the over-read faults, causing a denial of service. The over-read bytes are never returned, so there is no information disclosure. The flaw is compiled only when CONFIG_MDNS_RESOLVER is enabled, exists since v1.10.0, and is fixed by replacing the fixed-length memcmp with a NUL-safe strcmp(ptr, \".local\")."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","versions":[{"version":"1.10.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:51:45.471859Z","id":"CVE-2026-10657","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"1.10.0","versionEndIncluding":"4.4.0","matchCriteriaId":"6E12BDC8-E574-4145-B8B8-F647CC5EB913"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/448a21da12c9ea28f7fd12c6894e03a987b17a27","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-76jh-3j5f-9vq4","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40047","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:35.377","lastModified":"2026-07-08T15:06:53.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component.\n\nThe camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through traversal sequences not caught by the literal `../` check. Because Camel itself builds the `docling` invocation from these values, the component is responsible for constraining them, and the weak validation allowed CLI-argument injection and directory traversal in the arguments passed to the external tool. The invocation uses the list-based form of ProcessBuilder, so a shell does not interpret the argument values; OS command injection through shell metacharacters was not possible, and the metacharacter rejection added by the fix is defense-in-depth.\nThis issue affects Apache Camel: from 4.15.0 before 4.18.3.\n\nUsers are recommended to upgrade to a release that contains the CAMEL-23212 fix. On the mainline the fix is included from Apache Camel 4.19.0 (and later releases such as 4.20.0). For users on the 4.18.x LTS releases stream, upgrade to 4.18.3. The fix replaces the denylist with a strict allowlist of recognized `docling` CLI flags (rejecting any unrecognized flag, and rejecting producer-managed flags such as the output-directory flags), defensively rejects shell metacharacters in argument values, and normalizes path-like values with Path.normalize() before validating them so that traversal sequences which bypass a literal `../` check are detected. As defence in depth, route authors should avoid mapping untrusted message content into the `CamelDoclingCustomArguments` header and the path-bearing headers, and should strip Camel-internal headers from messages that arrive from untrusted producers."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-docling","versions":[{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:48:56.576065Z","id":"CVE-2026-40047","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-40047.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46584","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:36.927","lastModified":"2026-07-08T15:06:26.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component.\n\nThe camel-mail producer (MailProducer.getSender) scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present, built a per-message JavaMail sender with those values applied as JavaMail session properties, overriding the endpoint configuration. This namespace is Camel-internal - only MailProducer interprets it - and was not blocked by any HeaderFilterStrategy, so the values could originate from any inbound protocol (for example platform-http query parameters or request headers, or JMS / Kafka messages from untrusted producers) that feeds a route ending in an smtp / smtps producer without an intervening removeHeaders. The maximal impact is version-dependent: on releases before 4.19.0, setting mail.smtp.host redirects the SMTP connection to a server under the attacker's control, and because the producer then authenticates with the endpoint's configured username and password those credentials are transmitted to the attacker; on 4.19.0 and later the producer connects to the endpoint's configured host explicitly, so the reachable impact is limited to weakening transport security (for example mail.smtp.ssl.trust, mail.smtp.starttls.enable or mail.smtp.socks.host) and interception of the outgoing message rather than host redirect. Exploitation requires a route that channels untrusted input into the mail producer without stripping the namespace.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, the per-message override is disabled by default; enable it only on trusted endpoints with useJavaMailSessionPropertiesFromHeaders=true. For deployments that cannot upgrade immediately, strip the namespace before the mail producer with removeHeaders('mail.smtp.*') and removeHeaders('mail.smtps.*') between any untrusted ingress and the smtp / smtps producer. Even with the opt-in enabled, route authors should still strip the namespace on any path that carries untrusted input."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Mail","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-mail","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"r","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:25:21.574867Z","id":"CVE-2026-46584","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46584.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46585","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.030","lastModified":"2026-07-08T15:06:03.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\n\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route's intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader('QUERY') and removeHeader('RETURN_LUCENE_DOCS'), then setHeader('QUERY', constant(...)) at the start of the route)."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Lucene","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-lucene","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:24:25.722933Z","id":"CVE-2026-46585","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46585.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46590","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.147","lastModified":"2026-07-08T15:05:34.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Apache Camel PQC component.\n\nThe camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadata back from the configured secret backend by deserializing a Base64-wrapped value with a raw java.io.ObjectInputStream.readObject() and no ObjectInputFilter or class allow-list; the cast to KeyMetadata happens only after readObject() returns, so any readObject() side effects in a crafted object run before the type check. The same unfiltered legacy-migration read also remained in FileBasedKeyLifecycleManager (for the stored KeyPair and KeyMetadata). A principal who can write to the operator-controlled backend that holds these values - the HashiCorp Vault KV path, or the AWS Secrets Manager secret (requiring a Vault token or secretsmanager:PutSecretValue) - could store a crafted serialized object that is deserialized during normal key-lifecycle operations, potentially leading to code execution in the context of the application that manages the keys. This is an incomplete-remediation follow-on to CVE-2026-40048 (CAMEL-23200), which changed FileBasedKeyLifecycleManager to store metadata as JSON / PKCS#8 / X.509 but did not add an ObjectInputFilter, did not cover the Vault and AWS sibling managers, and left FileBasedKeyLifecycleManager's own legacy-migration deserialization unfiltered.\nThis issue affects Apache Camel: from 4.18.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, restrict write access to the key backend so that only the application's own identity can write the camel-pqc secrets (least-privilege HashiCorp Vault policies and secretsmanager:PutSecretValue IAM), and keep the PQC key material in a backend separate from any data that less-trusted principals can write."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-pqc","versions":[{"version":"4.18.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:15:54.431681Z","id":"CVE-2026-46590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.0","versionEndExcluding":"4.18.3","matchCriteriaId":"3F672322-AA52-4621-B687-76B5AC9D619F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46590.html","source":"security@apache.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46591","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.263","lastModified":"2026-07-08T15:05:01.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component.\n\nThe camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection through the property values by binding them as query parameters ($paramN), but the property names (the JSON keys of that map) were still concatenated into the query string verbatim in Neo4jProducer.retrieveNodes() and deleteNode(). A property name containing Cypher syntax therefore alters the structure of the executed query. Where a route maps untrusted input into the CamelNeo4jMatchProperties map - for example by passing a request body as the match map, or from a consumer that does not filter inbound Camel* headers - an attacker who controls the JSON key names can inject arbitrary Cypher and read, modify or delete any node or relationship in the Neo4j database. The CamelNeo4jMatchProperties header is itself Camel-prefixed and is filtered by the HTTP header-filter strategy, so a plain HTTP client cannot set it directly; the issue is reachable through routes that deliberately or inadvertently carry untrusted data into that header.\nThis issue affects Apache Camel: from 4.10.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, do not populate the CamelNeo4jMatchProperties map from untrusted input: validate or allow-list the property names (for example against ^[A-Za-z_][A-Za-z0-9_]*$) before the Neo4j producer, and ensure that any consumer feeding such a route filters inbound Camel* / camel* headers so the match header cannot be supplied by an external sender."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-neo4j","versions":[{"version":"4.10.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:20:49.095923Z","id":"CVE-2026-46591","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.0","versionEndExcluding":"4.14.8","matchCriteriaId":"CD453DD1-65B8-49D0-BB84-3D585163C326"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46591.html","source":"security@apache.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46592","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.380","lastModified":"2026-07-08T14:54:24.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component.\n\nThe camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName (and operationNamespace) Exchange header, whose constant values (CxfConstants.OPERATION_NAME / OPERATION_NAMESPACE) were the plain strings operationName / operationNamespace. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a cxf: producer, any HTTP client could therefore set the operationName header and have CxfProducer resolve and invoke a different WSDL operation than the route intended - for example replacing a read operation with a destructive one - against the backend SOAP service (a confused-deputy redirection). The constant is defined in the shared camel-cxf-common module, so the same non-prefixed names also applied to camel-cxfrs. No credentials are required when the bridging consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, the operation-selection headers are named CamelCxfOperationName / CamelCxfOperationNamespace and are filtered at transport boundaries; see the 4.21 upgrade guide for the cross-transport carrier-header pattern. For deployments that cannot upgrade immediately, do not select the CXF operation from untrusted input: strip the operationName and operationNamespace headers from any untrusted ingress before the cxf: producer and set the operation from a trusted source in the route."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-cxf-soap","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:19:37.827133Z","id":"CVE-2026-46592","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-441"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46592.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46726","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.503","lastModified":"2026-07-08T14:54:13.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component.\n\nThe camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header map without applying any HeaderFilterStrategy (VertxWebsocketConsumer.populateExchangeHeaders()). Because nothing blocked the Camel header namespace, a client connecting to the WebSocket endpoint could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as query parameters. In a route where the WebSocket consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. When the WebSocket endpoint is exposed without authentication, this is reachable by an unauthenticated remote attacker.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix makes the affected consumers apply a HeaderFilterStrategy that filters the Camel header namespace case-insensitively on inbound mapping, so externally-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from the inbound message before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), require authentication on the WebSocket endpoint, and avoid bridging an untrusted consumer directly into an HTTP producer whose target URI can be driven from message headers."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Vertx Websocket","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-vertx-websocket","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:18:45.331627Z","id":"CVE-2026-46726","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46726.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49086","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:38.120","lastModified":"2026-07-08T14:53:56.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel DAPR component.\n\nThe camel-dapr Dapr Pub/Sub consumer (DaprPubSubConsumer) copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the CamelDaprPubSubName and CamelDaprTopic Exchange headers. These two headers are producer-direction routing headers: when the route republishes through a Dapr producer, DaprConfigurationOptionsProxy reads them back and prefers them over the destination configured on the endpoint. As a result, in a route that consumes from one Dapr Pub/Sub topic and republishes to another (for example from('dapr-pubsub:p:t').to('dapr-pubsub:p:other')), an actor able to publish a message to the subscribed topic could set the CloudEvent's pub/sub-name and topic to values of their choosing and cause the re-published message to be delivered to an arbitrary Dapr Pub/Sub component and topic instead of the configured destination - redirecting or exfiltrating the message and bypassing the route's intended routing and any topic-level access controls in the underlying broker. Exploitation requires the ability to publish to the topic the route subscribes to; no other authentication or user interaction is needed.\nThis issue affects Apache Camel: from 4.12.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, remove the CamelDaprPubSubName and CamelDaprTopic headers from the Exchange between the Dapr consumer and any Dapr producer in the route (for example removeHeaders('CamelDaprPubSubName', 'CamelDaprTopic')), and restrict who can publish to the subscribed Dapr Pub/Sub topic so that only trusted producers can send to it."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Dapr","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-dapr","versions":[{"version":"4.12.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:04:19.786692Z","id":"CVE-2026-49086","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-441"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12.0","versionEndExcluding":"4.14.8","matchCriteriaId":"E11116FE-0265-47C9-BF4E-C129E050E736"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-49086.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46587","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:28.677","lastModified":"2026-07-08T14:38:17.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.14.7","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThanOrEqual":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThanOrEqual":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:39:16.885479Z","id":"CVE-2026-46587","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46587.html","source":"security@apache.org","tags":["Vendor Advisory","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46588","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:28.777","lastModified":"2026-07-08T14:38:22.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.14.7","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThanOrEqual":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThanOrEqual":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:37:28.968816Z","id":"CVE-2026-46588","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46588.html","source":"security@apache.org","tags":["Vendor Advisory","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49042","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:29.607","lastModified":"2026-07-08T14:38:10.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","versions":[{"version":"4.8.0","lessThanOrEqual":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThanOrEqual":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:39:58.115864Z","id":"CVE-2026-49042","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.0","versionEndExcluding":"4.18.3","matchCriteriaId":"E24A874B-2B0D-4B55-A6E7-4865E7B13ED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-49042.html","source":"security@apache.org","tags":["Vendor Advisory","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49297","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:30.207","lastModified":"2026-07-08T14:53:39.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Airflow Google provider","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"apache-airflow-providers-google","versions":[{"version":"0","lessThan":"22.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:25:48.763029Z","id":"CVE-2026-49297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apache-airflow-providers-google:*:*:*:*:*:*:*:*","versionEndExcluding":"22.2.1","matchCriteriaId":"6CAFC50E-13FD-4AFB-8556-D9EE695D5A18"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67667","source":"security@apache.org","tags":["Exploit","Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/cb5nvoxsj1q7rv878cyqgtg150w0zglq?users@airflow.apache.org","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/04/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9181","sourceIdentifier":"psirt@esri.com","published":"2026-07-06T19:17:09.553","lastModified":"2026-07-08T15:16:32.720","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this issue can allow full administrative access to ArcGIS Server, with high impact to confidentiality, integrity, and availability. This issue impacts all versions of ArcGIS Server on Windows and Linux 12.0 and prior. This issue does not impact ArcGIS Enterprise for Kubernetes."}],"affected":[{"source":"psirt@esri.com","affectedData":[{"vendor":"Esri","product":"ArcGIS Server","defaultStatus":"unaffected","platforms":["Windows","Linux"],"versions":[{"version":"0","lessThanOrEqual":"12.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-9181","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@esri.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*","versionEndIncluding":"12.0","matchCriteriaId":"C61890F4-51DC-4DC5-8993-4C9D2CA0099A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/may-2026-arcgis-security-bulletin","source":"psirt@esri.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11405","sourceIdentifier":"cret@cert.org","published":"2026-07-06T20:16:29.450","lastModified":"2026-07-08T14:16:54.773","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8.\r\n\r\n- The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key).\r\n- After normal authentication fails, it calls GetValue(\"sys.rzadmin.password\") to read a backdoor password from the device configuration.\r\n- It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password.\r\n\r\nA successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor"}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_AC6V2.0RTL_V15.03.06.51_multi_T","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_AC5V1.0RTL_V15.03.06.48_multi_TDE01","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_AC10V1.0re_V15.03.06.46_multi_TDE01","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T03:56:43.961536Z","id":"CVE-2026-11405","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://cwe.mitre.org/data/definitions/912.html","source":"cret@cert.org"},{"url":"https://kb.cert.org/vuls/id/213560","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/213560","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-50135","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:56.347","lastModified":"2026-07-08T14:53:04.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made  RootMappingFs.statRoot  use  Stat  (follows symlinks) instead of  Lstat , so a direct  resources.Get  of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount (e.g. a vendored  themes/  theme) read arbitrary files accessible to the Hugo user. Go-module themes from GitHub (symlinks stripped) and directory walks were unaffected. Fixed in 0.162.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gohugoio","product":"hugo","versions":[{"version":">= 0.123.0, < 0.162.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:52:31.351209Z","id":"CVE-2026-50135","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gohugo:hugo:*:*:*:*:*:*:*:*","versionStartIncluding":"0.123.0","versionEndExcluding":"0.161.1","matchCriteriaId":"C293B2BB-CA8A-4ECD-9674-943C0196A0A1"}]}]}],"references":[{"url":"https://github.com/gohugoio/hugo/commit/f8b5fa09a64950c32b803821ede411ebfe772b7a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/gohugoio/hugo/releases/tag/v0.162.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/gohugoio/hugo/security/advisories/GHSA-fw87-fv5r-9fpw","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-13356","sourceIdentifier":"security@mozilla.org","published":"2026-07-07T00:16:34.063","lastModified":"2026-07-08T14:52:38.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox for iOS","versions":[{"version":"152.3","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:26:57.344345Z","id":"CVE-2026-13356","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"152.3","matchCriteriaId":"71042F58-3679-49B6-B19D-B7F7342C4A1B"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2047768","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-65/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14935","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T16:16:38.010","lastModified":"2026-07-08T15:24:06.060","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:13:21.634704Z","id":"CVE-2026-14935","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-670"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-14935","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497679","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/98","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5171","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-23697","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T17:16:35.977","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar extension. The uploaded file is stored with its original .phar extension under the web-accessible storage directory, and a misconfigured .htaccess using Apache 2.2 syntax is silently ignored on Apache 2.4 deployments, allowing unauthenticated HTTP requests to directly execute the uploaded PHP payload."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vtiger","product":"Vtiger CRM","defaultStatus":"affected","repo":"https://sourceforge.net/projects/vtigercrm/","versions":[{"version":"0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.4.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:31:42.988594Z","id":"CVE-2026-23697","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://jivasecurity.com/writeups/vtiger-rce-phar-upload-cve-2026-23697","source":"disclosure@vulncheck.com"},{"url":"https://www.vtiger.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vtiger-crm-authenticated-file-upload-rce-via-documents-module","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-23698","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T17:16:36.123","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents directly into the modules/ directory under the web root without validating file types beyond the manifest.xml descriptor. Attackers can place executable PHP files in the modules/ directory that become directly accessible via HTTP, bypassing Vtiger's authentication and authorization layer entirely since Apache resolves the path and invokes the PHP interpreter before the application routing layer is involved, resulting in a persistent web shell independent of the originating session."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vtiger","product":"Vtiger CRM","defaultStatus":"affected","repo":"https://sourceforge.net/projects/vtigercrm/","versions":[{"version":"0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:11:14.403153Z","id":"CVE-2026-23698","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://jivasecurity.com/writeups/vtiger-rce-module-import-cve-2026-23698","source":"disclosure@vulncheck.com"},{"url":"https://www.vtiger.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vtiger-crm-authenticated-rce-via-module-import-file-upload","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-46672","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.420","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not neutralize standard CSV formula-injection prefixes. Any CLI command that streams an object array containing user-controlled strings, including transactions list, accounts list, payees list, categories list, tags list, category-groups list, rules list, schedules list, and query, can emit cells that auto-evaluate when the resulting CSV is opened in Excel, LibreOffice Calc, or Google Sheets, enabling data exfiltration and arbitrary formula execution. This issue is fixed in version 26.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"actualbudget","product":"actual","versions":[{"version":"< 26.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:59:38.913676Z","id":"CVE-2026-46672","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://github.com/actualbudget/actual/commit/068185751c03b42e726e3c60b718413d5f96c306","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/7859","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/releases/tag/v26.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-7gh7-258j-4mpq","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-7gh7-258j-4mpq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46700","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.560","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any authenticated non-admin BASIC user in OpenID multi-user deployments can probe the secrets store and learn which admin-managed bank-sync integrations have been configured, including simplefin_accessKey, pluggyai_clientSecret, pluggyai_itemIds, and the gocardless secrets. This issue is fixed in version 26.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"actualbudget","product":"actual","versions":[{"version":"< 26.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:43:08.864861Z","id":"CVE-2026-46700","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/actualbudget/actual/commit/3494f78c9459ed9c412e28b500b675ba5eb72d4e","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/7862","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/releases/tag/v26.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-3f62-qv96-4p78","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-3f62-qv96-4p78","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50007","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.977","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with user_access on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users, including /delete-user-file, /reset-user-file, and /user-create-key, because requireFileAccess treats ordinary shared access as sufficient for file-management operations that should be restricted to the file owner or an administrator. This issue is fixed in version 26.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"actualbudget","product":"actual","versions":[{"version":"< 26.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:01:55.677484Z","id":"CVE-2026-50007","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/actualbudget/actual/commit/18a8dc03c48eeb2e8252669a80673e6a9933b5fd","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/commit/3b9e79ed5ee795a80bbae214d6ebb2755289d7f2","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/7977","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/8333","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-23vm-ffgg-qvjr","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-23vm-ffgg-qvjr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50529","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.110","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid link token for subsequent share-related API calls even with missing or invalid credentials. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:13:30.348616Z","id":"CVE-2026-50529","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50530","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.240","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an attacker with a valid share link token to replace dataset identifiers and retrieve unauthorized data through POST /de2api/chartData/getData. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:54:45.493386Z","id":"CVE-2026-50530","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53729","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.543","lastModified":"2026-07-08T15:16:29.190","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks belonging to other users by manipulating the task ID parameter, and the /exportCenter/download/{id} endpoint is whitelisted from authentication, allowing unauthenticated access to exported files. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:49:52.215818Z","id":"CVE-2026-53729","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/57e90bdcc21c3fa2ec57184671603ad88a5b941b","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-9423-78gr-xjj5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53751","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.857","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous parameters such as init in malicious H2 JDBC connection strings and achieve arbitrary code execution. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:48:50.317866Z","id":"CVE-2026-53751","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/2204258118eac6160a6636ca20dbedb0d3f95747","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55592","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.433","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy origin and can read same-origin browser data, interact with the Dashy DOM, and send requests as the victim. This issue is fixed in version 4.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lissy93","product":"dashy","versions":[{"version":"< 4.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:30:25.302873Z","id":"CVE-2026-55592","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/lissy93/dashy/commit/4bc620e21cc8e3466f32b8bc40614b0d0eb5648b","source":"security-advisories@github.com"},{"url":"https://github.com/lissy93/dashy/releases/tag/4.3.7","source":"security-advisories@github.com"},{"url":"https://github.com/lissy93/dashy/security/advisories/GHSA-58mp-4qr3-vmrc","source":"security-advisories@github.com"},{"url":"https://github.com/lissy93/dashy/security/advisories/GHSA-58mp-4qr3-vmrc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55631","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.593","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font storage directory and passes it to FileUtils.deleteFile() without path traversal sanitization, allowing deletion of arbitrary writable files in the application container. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:55:13.912367Z","id":"CVE-2026-55631","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55633","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.750","lastModified":"2026-07-08T15:16:29.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:45:59.007550Z","id":"CVE-2026-55633","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/265b31179f1427c059f739841f2e39aaa6d1b937","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55647","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:28.060","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable event handlers that execute when another user or shared-link visitor views the dashboard. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:50:15.562603Z","id":"CVE-2026-55647","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/9565812980da781eda04c0a3632bf5dc8b0469f6","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/commit/adab5f1e8954ff91830a3b2f052a42a139d978e1","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57172","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:28.223","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator even if the original share has been revoked. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:37:32.958637Z","id":"CVE-2026-57172","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"},{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/356e83b518603f5612104760ced80aae8fc5d675","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58583","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-07T21:17:29.163","lastModified":"2026-07-08T15:01:22.897","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"FluxInk","product":"Color Management Driver","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"1.0.7.6","versionType":"custom","status":"affected"},{"version":"1.0.7.6","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-07-01T15:52:01.675857Z","id":"CVE-2026-58583","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/b3s3da/TcnPeripheral64_PoC","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-58583","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-54601","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.060","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixed dataset objects and downstream dataset, collection, and training endpoints then make authorization decisions from inconsistent ownership anchors, allowing cross-tenant read, update, and delete access when mixed object ids are known. This issue is fixed in version 4.15.0-beta4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"labring","product":"FastGPT","versions":[{"version":">= 4.14.17, < 4.15.0-beta4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:52:48.582115Z","id":"CVE-2026-54601","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/labring/FastGPT/commit/54a53e7d4399f1dfa2913394442c3cf6de672fb3","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/pull/7071","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta4","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-qxcq-48gr-93pj","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-qxcq-48gr-93pj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54602","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.217","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks, and completions if the requestId is known. This issue is fixed in version 4.15.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"labring","product":"FastGPT","versions":[{"version":"< 4.15.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:45:07.715556Z","id":"CVE-2026-54602","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/labring/FastGPT/commit/60c62b7af8269c826885b541bb56e6e5c424c11a","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-6vx6-f72r-74cg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54607","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.357","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta4, the HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle, whose remote reference resolver fetches $ref URLs without FastGPT's internal-address guard and returns fetched content inline, allowing an authenticated team member to read internal services or cloud metadata. This issue is fixed in version 4.15.0-beta4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"labring","product":"FastGPT","versions":[{"version":"< 4.15.0-beta4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:48:47.765322Z","id":"CVE-2026-54607","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/labring/FastGPT/commit/1d7b8768aecd53ae59372fd68b10af0e80722c79","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/pull/7073","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta4","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-72hf-5382-2mq9","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-72hf-5382-2mq9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55408","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.790","lastModified":"2026-07-08T15:16:29.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can craft an EPUB book that, when imported and opened by the victim, instantiates a hidden iframe with Node.js API access and executes arbitrary operating system commands with the victim user's privileges. This issue is fixed in version 2.3.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"koodo-reader","product":"koodo-reader","versions":[{"version":"< 2.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:07:51.495637Z","id":"CVE-2026-55408","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/koodo-reader/koodo-reader/security/advisories/GHSA-mjr7-w4jq-2rq9","source":"security-advisories@github.com"},{"url":"https://github.com/koodo-reader/koodo-reader/security/advisories/GHSA-mjr7-w4jq-2rq9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58266","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:54.207","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and editor scripts. A malicious imported card package with an embedded iframe can use exposed API methods such as getImageForOcclusion to read arbitrary files accessible to the Anki process and exfiltrate them over the network. This issue is fixed in version 25.09.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ankitects","product":"anki","versions":[{"version":"< 25.09.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:23:23.495354Z","id":"CVE-2026-58266","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/ankitects/anki/commit/b2b68d829e853da51b5de8aad6c13b53e90bc20d","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/releases/tag/25.09.4","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/security/advisories/GHSA-cw6h-ffmh-x6vh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59153","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:54.363","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting requests to the local server, with severity varying by browser depending on Private Network Access protections. This issue is fixed in version 25.09.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ankitects","product":"anki","versions":[{"version":"< 25.09.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:49:55.586751Z","id":"CVE-2026-59153","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/ankitects/anki/commit/858e5689d0e4fd24f74856c7e8f245412694a219","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/releases/tag/25.09.3","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/security/advisories/GHSA-869j-r97x-hx2g","source":"security-advisories@github.com"},{"url":"https://x.com/taviso/status/2051310678800253318","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59706","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T22:16:54.503","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"mem0","product":"mem0","defaultStatus":"unaffected","packageURL":"pkg:pypi/mem0ai","versions":[{"version":"0","lessThanOrEqual":"a3154d5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:34:02.069552Z","id":"CVE-2026-59706","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/mem0ai/mem0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6081","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mem0-server-side-request-forgery-and-plaintext-api-key-exposure-via-unauthenticated-config-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6081","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59705","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T23:16:55.997","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"mem0","product":"mem0","defaultStatus":"unaffected","packageURL":"pkg:pypi/mem0ai","versions":[{"version":"0","lessThan":"a3154d5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:09:22.095370Z","id":"CVE-2026-59705","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/mem0ai/mem0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6080","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mem0-openmemory-api-unauthenticated-access-via-memory-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6080","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-14158","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.463","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widget_logic_visual_check_visibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action combined with insufficient sanitization of the 'nwlv[cod-tag]' parameter before storage and subsequent use in an eval() call. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"totalbounty","product":"Widget Logic Visual","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.52","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:45:05.011451Z","id":"CVE-2026-14158","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/widget-logic-visual/trunk/ajax.php#L14","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/widget-logic-visual/trunk/ajax.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/widget-logic-visual/trunk/custom.php#L50","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d82e9e2-c572-4911-a6a5-1384844214b0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14482","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.840","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's `update_option` handler to pass attacker-controlled `option` and `value` parameters directly to WordPress's `update_option` function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting `default_role` to `administrator` and enabling open registration — and subsequently register an account with full administrator privileges."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"shen2","product":"多说社会化评论框","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:57:36.253903Z","id":"CVE-2026-14482","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/LocalServer.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/LocalServer.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/api.php#L40","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/732c7ccd-de50-4e27-8cb9-3bb0ed30f0b4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14487","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.980","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The scf_get_id_upload endpoint freely issues a valid scf_upload_file_removal nonce to any unauthenticated visitor, and the removal endpoint's secondary hash check is forgeable offline because it relies on a hardcoded salt embedded in the plugin source, meaning neither control presents a real authorization boundary."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tombgtn","product":"Simple Coherent Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:12:15.352165Z","id":"CVE-2026-14487","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1387","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1494","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1521","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L43","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4831e75-dc0e-4d6f-b2cb-8498d8629319?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9842","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:29.097","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the `manage_options` capability to the `backstage_customizer_user` demo role, which is more permissive than necessary for Customizer-only demo access. This makes it possible for unauthenticated attackers to navigate beyond the Customizer and update arbitrary WordPress options such as `default_role`, leading to privilege escalation."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"pixelgrade","product":"Backstage – Customizer Demo Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:00:54.003774Z","id":"CVE-2026-9842","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/backstage/tags/1.4.2/includes/class-Backstage.php#L154","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/backstage/tags/1.4.2/includes/class-Backstage.php#L348","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5bcf1f02-0946-4e96-a81b-00c7c48d64b3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10570","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:20.720","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symp_arfe_replace_content() function, which uses str_replace() to substitute raw ACF field values (retrieved via get_field()) directly into Elementor-rendered HTML without any escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"idocoh","product":"Sympl Repeater for ACF and Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:40:27.624321Z","id":"CVE-2026-10570","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/acf-repeater-for-elementor/tags/2.3/sympl-repeater-for-acf-and-elementor.php#L179","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-repeater-for-elementor/tags/2.3/sympl-repeater-for-acf-and-elementor.php#L99","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/daa38c2c-9992-400b-acef-dcd37f9c7269?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12041","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:21.853","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"chatra","product":"Chatra Live Chat + ChatBot + Cart Saver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:59:14.619642Z","id":"CVE-2026-12041","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chatra-live-chat/tags/1.0.12/chatra.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatra-live-chat/tags/1.0.12/chatra.php#L61","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75da660b-04c7-4f15-b49d-2aa320ef5b4b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12097","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.000","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's export field configuration stored in the uiewp_export_field option, controlling which user fields such as password hashes are included in CSV exports and how columns are mapped during imports."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saadiqbal","product":"User Management","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:12:51.875969Z","id":"CVE-2026-12097","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/includes/model.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/includes/model.php#L729","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/includes/model.php#L853","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/users-imp-exp-wpexperts.php#L22","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f1d0a07-254c-4df9-90a4-966dff014df0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14489","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.307","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"globalprogramming","product":"WHMCS Bridge","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:48:00.445998Z","id":"CVE-2026-14489","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/bridge.init.php#L482","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/bridge.init.php#L809","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/bridge.init.php#L852","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/includes/request.class.php#L296","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/includes/request.class.php#L309","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4fe6dcc-93c8-4956-85ae-a1125bc84509?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14495","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.443","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because `dologin\\s::rrand()` seeds the Mersenne Twister with `mt_srand((double) microtime() * 1000000)` — discarding the integer-seconds component of `microtime()` and constraining the seed to a range of approximately 10^6 values (~20 bits of entropy) — after which every character of the 32-character magic-link token is drawn sequentially with `mt_rand()`, making the entire token a deterministic function of that seed. Because `Pswdless::try_login()` is registered on the unauthenticated `init` hook, resolves the target account by the auto-increment numeric ID embedded in the `?dologin=<id>.<hash>` parameter, performs the hash comparison using a non-constant-time `!=` operator, and then calls `wp_set_auth_cookie()` directly — never passing through `wp_authenticate()` and therefore never triggering the plugin's own `Auth::_has_login_err()` lockout — an unauthenticated attacker can brute-force the ~10^6-candidate seed space to reconstruct an active passwordless login token and authenticate as any targeted user, including administrators, without a password. Exploitation requires that a valid, unexpired passwordless login link (active for up to 7 days) exists for the target account at the time of the attack, and that the numeric link ID is known or guessable from the auto-increment primary key."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdo5ea","product":"DoLogin Security","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:43:37.967188Z","id":"CVE-2026-14495","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L86","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/s.cls.php#L240","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16bce371-b524-48eb-8537-3f9df802abd3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56437","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-08T06:16:22.733","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Fuji Electric Co.,Ltd.","product":"Pupsman","versions":[{"version":"prior to 3.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:57:37.716692Z","id":"CVE-2026-56437","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN62347140/","source":"vultures@jpcert.or.jp"},{"url":"https://www.fujielectric.co.jp/products/power_supply/ups/product_detail/software_pupsman.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-57895","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-08T06:16:22.900","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege"}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Fuji Electric Co.,Ltd.","product":"Pupsman","versions":[{"version":"prior to 3.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:56:32.270683Z","id":"CVE-2026-57895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN62347140/","source":"vultures@jpcert.or.jp"},{"url":"https://www.fujielectric.co.jp/products/power_supply/ups/product_detail/software_pupsman.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-9700","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:23.043","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joe007","product":"Eventer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:58:39.229719Z","id":"CVE-2026-9700","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3b0a3a-ce4b-40fd-9519-a81e315cee42?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9731","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:23.217","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the plugin_settings function. This makes it possible for unauthenticated attackers to update the plugin's notification text and CSS settings (wp_non_js_notification_text and wp_non_js_notification_css), injecting arbitrary content that is echoed unescaped on the frontend via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpkuf","product":"Wp Js Detect","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:13:12.998854Z","id":"CVE-2026-9731","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L192","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L193","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L250","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afca7b14-f3bb-4612-b81c-bde120b380ba?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12378","sourceIdentifier":"contact@wpscan.com","published":"2026-07-08T07:16:46.550","lastModified":"2026-07-08T14:56:35.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Calendar Plugin and Scheduling Plugin  WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Appointment Booking Calendar Plugin and Scheduling Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.1.28","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T10:03:52.140888Z","id":"CVE-2026-12378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/eb3abb88-43c3-42a8-a8a8-2ad67d37e020/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-9695","sourceIdentifier":"3DS.Information-Security@3ds.com","published":"2026-07-08T07:16:46.870","lastModified":"2026-07-08T15:30:04.497","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server."}],"affected":[{"source":"3DS.Information-Security@3ds.com","affectedData":[{"vendor":"Dassault Systèmes","product":"DELMIA Apriso","defaultStatus":"unaffected","versions":[{"version":"Release 2020 Golden","lessThanOrEqual":"Release 2020 SP4","versionType":"custom","status":"affected"},{"version":"Release 2021 Golden","lessThanOrEqual":"Release 2021 SP3","versionType":"custom","status":"affected"},{"version":"Release 2022 Golden","lessThanOrEqual":"Release 2022 SP4","versionType":"custom","status":"affected"},{"version":"Release 2023 Golden","lessThanOrEqual":"Release 2023 SP3","versionType":"custom","status":"affected"},{"version":"Release 2024 Golden","lessThanOrEqual":"Release 2024 SP2","versionType":"custom","status":"affected"},{"version":"Release 2025 Golden","lessThanOrEqual":"Release 2025 SP1","versionType":"custom","status":"affected"},{"version":"Release 2026 Golden","lessThanOrEqual":"Release 2026 SP1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:46:02.952002Z","id":"CVE-2026-9695","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-9695","source":"3DS.Information-Security@3ds.com"}]}},{"cve":{"id":"CVE-2026-6280","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-08T09:16:34.403","lastModified":"2026-07-08T14:57:28.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"NOMYSOFT Informatics Education and Consulting Inc.","product":"Nomysem","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"08072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:09:17.803895Z","id":"CVE-2026-6280","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-213"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0516","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-12936","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:19.923","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"devitemsllc","product":"Recurio – Ultimate Subscription for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:14:18.151346Z","id":"CVE-2026-12936","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/recurio/tags/1.1.2/includes/core/class-subscription-engine.php#L1095","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/recurio/tags/1.1.2/includes/core/class-subscription-engine.php#L301","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3593971%40recurio&new=3593971%40recurio","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b34ad23-246e-42ba-89de-5985043848be?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14250","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.200","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handle_frontend_register() function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and validating it only against get_editable_roles() — which returns every defined editable site role, including 'editor' — before passing it to wp_insert_user(). This makes it possible for unauthenticated attackers, when public user registration is enabled, to create new accounts with the editor role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themehunk","product":"TH Login Registration","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:37:59.763190Z","id":"CVE-2026-14250","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L243","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L782","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L811","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L82","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3592690%40themehunk-login-registration&new=3592690%40themehunk-login-registration","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8eee3809-133e-4fd9-ad49-cc6fe3822457?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6230","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.660","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tainacan","product":"Tainacan","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:59:54.333220Z","id":"CVE-2026-6230","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/tainacan/tainacan/commit/579d28d7752b27ed3407f5197abb6349b3efc3c9","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/241d9cd3-9331-49b2-8083-dc646070488e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6371","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-08T12:17:20.780","lastModified":"2026-07-08T14:57:28.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS.\n\nThis issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Limatek System Inc.","product":"LimRAD NAC","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"08072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:23:51.555520Z","id":"CVE-2026-6371","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0517","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-6742","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.893","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"mdempfle","product":"Advanced iFrame","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2026.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:21:32.811076Z","id":"CVE-2026-6742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3558422/advanced-iframe","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9c4ca8-e5cd-4c4f-8d81-b06367c89fd7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6854","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:21.137","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'mc_auth' parameter in all versions up to, and including, 3.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joedolson","product":"My Calendar – Accessible Event Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.7.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:11:40.613858Z","id":"CVE-2026-6854","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3515996/my-calendar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1ed81c-04cb-4ccd-8c30-b1d943730909?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12002","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:28.380","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybe_connection_data function. This makes it possible for unauthenticated attackers to overwrite the site's Instagram and Facebook oEmbed access tokens via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"smub","product":"Smash Balloon Social Photo Feed – Easy Social Feeds Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.11.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:02:53.626151Z","id":"CVE-2026-12002","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3575933/instagram-feed/trunk/admin/SBI_oEmbeds.php?old=3289310&old_path=instagram-feed%2Ftrunk%2Fadmin%2FSBI_oEmbeds.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abe6366a-3729-474f-8920-b5ed2eeab906?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5459","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:56.887","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.1 via the payment_page() function due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to activate a free subscription pack for any user on the site, overwriting their existing paid subscription and causing loss of paid features."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wedevs","product":"User Frontend: AI Powered Frontend Posting, User Directory, Profile Builder, Membership & User Registration","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:00:40.858181Z","id":"CVE-2026-5459","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3514258/wp-user-frontend","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a02d9a01-1104-4935-8074-af4367c66278?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6459","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:57.380","lastModified":"2026-07-08T15:16:32.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced from The Events Calendar. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevteam","product":"Essential Addons for Elementor – Popular Elementor Templates & Widgets","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.6.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:11:15.978399Z","id":"CVE-2026-6459","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3519453/essential-addons-for-elementor-lite","source":"security@wordfence.com"},{"url":"https://research.cleantalk.org/cve-2026-6459","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3214a5-7044-4005-a200-c969d4487be2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6820","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:57.780","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"e4jvikwp","product":"VikBooking Hotel Booking Engine & PMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.8.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:10:17.505580Z","id":"CVE-2026-6820","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/admin/controller.php#L11208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/site/controller.php#L307","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b4586a-f87d-4a51-8f4e-932d7254518e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15034","sourceIdentifier":"cna@vuldb.com","published":"2026-07-08T14:16:56.460","lastModified":"2026-07-08T15:16:25.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"flask-dashboard","product":"Flask-MonitoringDashboard","cpes":["cpe:2.3:a:flask-dashboard:flask-monitoringdashboard:*:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","status":"affected"},{"version":"5.0.1","status":"affected"},{"version":"5.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:21:09.096912Z","id":"CVE-2026-15034","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/flask-dashboard/Flask-MonitoringDashboard/","source":"cna@vuldb.com"},{"url":"https://github.com/flask-dashboard/Flask-MonitoringDashboard/issues/557","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15034","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850877","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850878","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850879","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850880","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376785","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376785/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-54061","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T14:17:06.520","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port `:9080` without authentication or authorization. As a result, an unauthenticated network client can open `StreamExtSnapshot` and send Badger stream data to the target group’s store. In addition, the receiver calls `Prepare()` before processing the stream. This operation deletes and replaces the existing DB data. Version 25.3.5 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dgraph-io","product":"dgraph","versions":[{"version":"< 25.3.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:26:08.694479Z","id":"CVE-2026-54061","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/dgraph-io/dgraph/releases/tag/v25.3.5","source":"security-advisories@github.com"},{"url":"https://github.com/dgraph-io/dgraph/security/advisories/GHSA-rrwh-6jrq-wp5v","source":"security-advisories@github.com"},{"url":"https://github.com/dgraph-io/dgraph/security/advisories/GHSA-rrwh-6jrq-wp5v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56217","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.107","lastModified":"2026-07-08T15:16:30.547","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the app_versions table via PostgREST to clear session_key and key_id fields, bypassing organization-enforced encrypted-bundle policies and weakening OTA security controls."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:28:32.016164Z","id":"CVE-2026-56217","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-4qwf-mrgx-mvfx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-encrypted-bundle-policy-bypass-via-direct-postgrest-update","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-4qwf-mrgx-mvfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56246","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.543","lastModified":"2026-07-08T15:16:30.667","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key (limited_to_orgs) inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mode API key restricted to one organization, that key can still perform destructive operations (e.g., DELETE /organization, DELETE /organization/members) against another organization. The root cause is route-level authorization (rbac_check_permission_direct) that evaluates the key owner's user privileges before enforcing the API key's limited_to_orgs scope."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:23:42.457115Z","id":"CVE-2026-56246","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ccm4-hf72-p28m","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-organization-authorization-bypass-via-scoped-api-key-privilege-inheritance","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ccm4-hf72-p28m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56250","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.673","lastModified":"2026-07-08T15:16:30.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable app_versions.r2_path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2_path to point to victim objects, soft-delete the attacker-controlled version, and trigger the on_version_update cleanup function to delete the victim R2 object, causing denial of service and bundle availability disruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:23:06.122727Z","id":"CVE-2026-56250","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-pw8p-5jg6-cxj3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-arbitrary-r2-object-deletion-via-mutable-r2-path-in-app-versions","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-pw8p-5jg6-cxj3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56283","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.970","lastModified":"2026-07-08T15:16:30.887","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and reputational damage."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:27:33.680973Z","id":"CVE-2026-56283","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vhvc-gxfh-m85g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-html-injection-leading-to-open-redirection-in-organization-settings","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vhvc-gxfh-m85g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56298","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.493","lastModified":"2026-07-08T15:16:31.110","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:30:45.448910Z","id":"CVE-2026-56298","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-62jm-xp28-x4xw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-exif-metadata-exposure-in-app-information-image-upload","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-58480","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:19.977","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the save_attachments function exposed through the Advanced Reviews feature. Attackers can exploit the Custom Fonts extension's flawed strpos() substring check by uploading double-extension filenames such as shell.woff2.php, causing the validation to pass on the substring match while the web server executes the file as PHP, achieving remote code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Creative Themes","product":"Blocksy Companion","defaultStatus":"affected","repo":"https://wordpress.org/plugins/blocksy-companion/","versions":[{"version":"0","lessThanOrEqual":"2.1.46","versionType":"semver","status":"affected"},{"version":"2.1.47","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:42:42.783542Z","id":"CVE-2026-58480","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/blocksy-companion/vulnerability/wordpress-blocksy-companion-plugin-2-1-46-unauthenticated-arbitrary-file-upload-vulnerability","source":"disclosure@vulncheck.com"},{"url":"https://wordpress.org/plugins/blocksy-companion/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/blocksy-companion-pro-unauthenticated-file-upload-via-save-attachments","source":"disclosure@vulncheck.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/blocksy-companion/blocksy-companion-2146-unauthenticated-arbitrary-file-upload-via-blc-review-images-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-58657","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:20.440","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection vulnerability in the Markdown image resize() media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute() fallbacks, but the resize() action in Excerpts::processMediaActions() writes caller-controlled values directly into the image's styleAttributes. A lower-privileged content editor who can edit page Markdown can store a crafted image URL with semicolon-delimited CSS declarations in the resize parameters, which are rendered into the final <img style=...> attribute when a higher-privileged reviewer/admin views the page or preview. This does not require JavaScript execution but enables UI redress/overlay and content-manipulation attacks (e.g., a full-viewport fixed overlay). Fixed in 2.0.0."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Grav","product":"Grav","defaultStatus":"unaffected","versions":[{"version":"2.0.0-rc.9","lessThan":"2.0.0","versionType":"semver","status":"affected"},{"version":"2.0.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:21:29.168366Z","id":"CVE-2026-58657","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/getgrav/grav/commit/6582166173bb8eb5869d96aea384e0e73777c94c","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/commit/e03d29aa0d3ece16d73c1ffccfa78df8bf5f28b8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-ffmg-hfvg-jhg9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-stored-css-injection-via-markdown-image-resize-action","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-ffmg-hfvg-jhg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}]}