{"resultsPerPage":390,"startIndex":0,"totalResults":390,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-12T10:55:51.454","vulnerabilities":[{"cve":{"id":"CVE-2022-35493","sourceIdentifier":"cve@mitre.org","published":"2022-08-08T15:15:08.853","lastModified":"2026-07-08T17:17:18.190","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross-site scripting (XSS) en el parse de la búsqueda json y la respuesta json en wrteam.in, eShop - Multipurpose Ecommerce Store Website versión 3.0.4, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro get_products?search"}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:03:48.218662Z","id":"CVE-2022-35493","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wrteam:eshop_-_ecommerce_\\/_store_website:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.4","matchCriteriaId":"9B57D0FE-EC6A-41AF-B341-44130CB1DC48"}]}]}],"references":[{"url":"https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/Keyvanhardani/Exploit-eShop-Multipurpose-Ecommerce-Store-Website-3.0.4-Cross-Site-Scripting-XSS/blob/main/README.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2023-42789","sourceIdentifier":"psirt@fortinet.com","published":"2024-03-12T15:15:46.107","lastModified":"2026-07-08T13:16:23.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests."},{"lang":"es","value":"Una escritura fuera de límites en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13 permite a un atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:23.2.b:*:*:*:*:*:*:*"],"versions":[{"version":"23.2.b","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.1","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.15","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortios","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.1","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.15","versionType":"semver","status":"affected"}]},{"vendor":"fortinet","product":"fortipam","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*"],"versions":[{"version":"1.1.0","lessThanOrEqual":"1.1.2","versionType":"semver","status":"affected"},{"version":"1.0.0","lessThanOrEqual":"1.0.3","versionType":"semver","status":"affected"}]},{"vendor":"fortinet","product":"fortiproxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]},{"vendor":"fortinet","product":"fortiproxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-15T16:38:32.476430Z","id":"CVE-2023-42789","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.13","matchCriteriaId":"10E4FB93-7111-4F2A-8D5A-F276261D0E67"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"E5E2C1A7-AF13-4DBB-8EB4-49BE54EDABAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.6","matchCriteriaId":"3F8AA932-A965-4345-8151-9CACDEE114F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9010968B-B839-4B7C-BFB5-6BD9CBCEC166"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.15","matchCriteriaId":"7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.4.14","matchCriteriaId":"A2B52E22-C64D-4142-885E-6C44FA670574"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"BA582D59-C740-4AE7-83CA-C09A1D0EDA88"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.5","matchCriteriaId":"A6E44123-995C-4E08-84B5-FF8C76B67B29"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"61540F5B-080A-4D44-8BE0-75D7A0DCCB53"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"17FE168A-0EA4-467C-91D2-87EB6D83917A"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-42790","sourceIdentifier":"psirt@fortinet.com","published":"2024-03-12T15:15:46.293","lastModified":"2026-07-08T13:16:24.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests."},{"lang":"es","value":"Un desbordamiento de búfer en la región stack de la memoria  en Fortinet FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, 6.2.0 a 6.2.15, FortiProxy 7.4.0, 7.2.0 a 7.2.6, 7.0.0 a 7.0.12, 2.0.0 a 2.0.13 permiten al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP especialmente manipuladas."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.13","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.1","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-16T04:00:43.736004Z","id":"CVE-2023-42790","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.13","matchCriteriaId":"10E4FB93-7111-4F2A-8D5A-F276261D0E67"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"E5E2C1A7-AF13-4DBB-8EB4-49BE54EDABAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.6","matchCriteriaId":"3F8AA932-A965-4345-8151-9CACDEE114F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9010968B-B839-4B7C-BFB5-6BD9CBCEC166"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndIncluding":"6.2.15","matchCriteriaId":"7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.4.14","matchCriteriaId":"A2B52E22-C64D-4142-885E-6C44FA670574"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.12","matchCriteriaId":"BA582D59-C740-4AE7-83CA-C09A1D0EDA88"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndIncluding":"7.2.5","matchCriteriaId":"A6E44123-995C-4E08-84B5-FF8C76B67B29"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndIncluding":"7.4.1","matchCriteriaId":"2E2A5347-D536-4D43-A163-5B5A3AFE742C"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"psirt@fortinet.com"},{"url":"https://fortiguard.com/psirt/FG-IR-23-328","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2024-23667","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-03T10:15:13.100","lastModified":"2026-07-08T14:16:50.133","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-03T16:49:28.332661Z","id":"CVE-2024-23667","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-23668","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-03T10:15:13.320","lastModified":"2026-07-08T14:16:50.493","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-03T16:42:57.390397Z","id":"CVE-2024-23668","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-23670","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-03T10:15:13.523","lastModified":"2026-07-08T14:16:51.287","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"6.3.0","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.2.3:*:*:*:*:*:*:*"],"versions":[{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"custom","status":"affected"}]},{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unknown","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-03T16:51:43.637231Z","id":"CVE-2024-23670","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-23669","sourceIdentifier":"psirt@fortinet.com","published":"2024-06-05T08:15:09.537","lastModified":"2026-07-08T14:16:50.870","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebManager 6.3.0, FortiWebManager 6.2.3 through 6.2.4, FortiWebManager 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI."},{"lang":"es","value":"Una autorización inadecuada en Fortinet FortiWebManager versión 7.2.0 y 7.0.0 hasta 7.0.4 y 6.3.0 y 6.2.3 hasta 6.2.4 y 6.0.2 permite al atacante ejecutar código o comandos no autorizados a través de solicitudes HTTP o CLI."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiWebManager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"fortinet","product":"fortiweb_manager","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiweb_manager:*:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.3.0","status":"affected"},{"version":"6.2.3","lessThanOrEqual":"6.2.4","versionType":"semver","status":"affected"},{"version":"6.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-06-05T14:06:39.473309Z","id":"CVE-2024-23669","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.2.5","matchCriteriaId":"C00F44FF-9533-4354-9060-A74E8F43E747"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"403F07C3-8D48-4403-B9EE-0076F8639CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6AB742D6-5B08-4FF7-A366-F4CE1E91C9A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:6.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A921BEEB-D912-471E-8176-8804F5CD5118"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiwebmanager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1C7475A8-52EB-413E-A196-6F43137B545F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-33503","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:29.517","lastModified":"2026-07-08T14:16:51.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper privilege management vulnerability in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalation of privilege via specific shell commands"},{"lang":"es","value":"Una gestión de privilegios incorrecta en Fortinet FortiManager versión 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiAnalyzer versión 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14 permite a los atacantes escalar privilegios a través de comandos de shell específicos."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiManager Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.13","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:16:33.256242Z","id":"CVE-2024-33503","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.2.7","matchCriteriaId":"38BFF3B9-3927-4B15-A573-4EDB20362841"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.3","matchCriteriaId":"40C3665B-3E49-4D0C-B924-266D49F1E510"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"71CC4AA3-04CC-49CA-A012-E28C4D1F11DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.2.7","matchCriteriaId":"75DA0ED6-C606-4763-A7B0-575F8061237A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-35276","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:29.973","lastModified":"2026-07-08T14:16:52.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0.0 through 7.0.12, FortiAnalyzer 6.4.0 through 6.4.14, FortiAnalyzer Cloud 7.4.1 through 7.4.3, FortiAnalyzer Cloud 7.2.1 through 7.2.5, FortiAnalyzer Cloud 7.0.1 through 7.0.11, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager Cloud 7.4.1 through 7.4.3, FortiManager Cloud 7.2.1 through 7.2.5, FortiManager Cloud 7.0.1 through 7.0.11, FortiManager Cloud 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted packets."},{"lang":"es","value":"Un desbordamiento de búfer basado en pila en Fortinet FortiAnalyzer versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.12, 6.4.0 a 6.4.14, FortiManager Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 a 7.0.11, 6.4.1 a 6.4.7, FortiAnalyzer Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 ...2, 6.4.0 a 6.4.14, FortiManager Cloud versiones 7.4.1 a 7.4.3, 7.2.1 a 7.2.5, 7.0.1 a 7.0.12, 7.0.11, 6.4.1 a 6.4.7 permite a los atacantes ejecutar código o comandos no autorizados a través de paquetes especialmente manipulados."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:6.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.11","versionType":"semver","status":"affected"},{"version":"6.4.1","lessThanOrEqual":"6.4.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortianalyzercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.11","versionType":"semver","status":"affected"},{"version":"6.4.1","lessThanOrEqual":"6.4.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.14","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:15:20.448933Z","id":"CVE-2024-35276","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.15","matchCriteriaId":"34F71CF0-4C81-4261-BDA8-30287969D137"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.13","matchCriteriaId":"BFAF2532-DF9C-458E-B69B-59C29507F775"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.6","matchCriteriaId":"6FCEF6EE-A923-4DCE-A225-C6D1FB0123E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.0.12","matchCriteriaId":"DD54E27E-172A-4F2D-A09A-862C4B5F4957"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.1","versionEndExcluding":"7.2.6","matchCriteriaId":"F8614C7F-FC4D-4686-9E7A-071830318813"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"6EA0888C-2D95-46ED-9BA9-F99072C02FE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.15","matchCriteriaId":"D2AD66B0-9C99-4F83-80AA-B54E6354ADFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.13","matchCriteriaId":"37456E27-0EE2-4AF8-B92F-A5284FEC0409"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.6","matchCriteriaId":"605795FE-4D3E-48D4-B2E6-AED4C79B405F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.0.12","matchCriteriaId":"CDAE920D-C7A3-47B2-A737-1ECB2C9AFBEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.1","versionEndExcluding":"7.2.6","matchCriteriaId":"482363A8-9BE6-46F1-8795-6268F6B84FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-165","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-48884","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:32.873","lastModified":"2026-07-08T14:16:53.563","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder"},{"lang":"es","value":"Una limitación incorrecta de una ruta de acceso a un directorio restringido ('Path Traversal') en Fortinet FortiManager versiones 7.6.0 a 7.6.1, 7.4.1 a 7.4.3, FortiOS versiones 7.6.0, 7.4.0 a 7.4.4, 7.2.5 a 7.2.9, 7.0.0 a 7.0.15, 6.4.0 a 6.4.15, FortiProxy 7.4.0 a 7.4.5, 7.2.0 a 7.2.11, 7.0.0 a 7.0.18, 2.0.0 a 2.0.14, 1.2.0 a 1.2.13, 1.1.0 a 1.1.6, 1.0.0 a 1.0.7, FortiManager Cloud versiones 7.4.1 hasta 7.4.3, FortiRecorder versiones 7.2.0 hasta 7.2.1, 7.0.0 hasta 7.0.4, FortiVoice versiones 7.0.0 hasta 7.0.4, 6.4.0 hasta 6.4.9, 6.0.0 hasta 6.0.12, FortiWeb 7.6.0, 7.4.0 hasta 7.4.4, 7.2.0 hasta 7.2.10, 7.0.0 hasta 7.0.10, 6.4.0 hasta 6.4.3 permite al atacante activar una escalada de privilegios a través de paquetes especialmente manipulados."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.1","versionType":"semver","status":"affected"},{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.11","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.18","versionType":"semver","status":"affected"},{"version":"2.0.0","lessThanOrEqual":"2.0.14","versionType":"semver","status":"affected"},{"version":"1.2.0","lessThanOrEqual":"1.2.13","versionType":"semver","status":"affected"},{"version":"1.1.0","lessThanOrEqual":"1.1.6","versionType":"semver","status":"affected"},{"version":"1.0.0","lessThanOrEqual":"1.0.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.4","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.9","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.15","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortimanagercloud:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortimanagercloud:7.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-14T15:17:58.698254Z","id":"CVE-2024-48884","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"7269FDB6-A1D4-4912-8751-87BA52614FDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"241A8930-4ADA-4380-AA42-F10B28487595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"7.0.19","matchCriteriaId":"32CFAF1E-358A-4F6D-96CB-D7229F0D9D74"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.12","matchCriteriaId":"C8B93C73-1E94-4854-8405-C3689860A74C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.6","matchCriteriaId":"5B276403-CE85-445A-9E5D-BBFBD7AB7A68"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"CD60BA50-3F98-46BF-97E8-28AB207DE12A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.2","matchCriteriaId":"C0B0D078-2F52-46B4-B9C0-162447828E1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.4.10","matchCriteriaId":"BBF1E214-4BC5-47E8-BF02-072D6D830BAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.5","matchCriteriaId":"5EEE0DFA-DE31-4D26-AC98-6BCED8F008DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.5","matchCriteriaId":"CDB9CE13-AAF4-418C-BA26-1A0D53C5C1C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"28B43375-DA74-4C5F-BAEE-39F312EEF51F"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.16","matchCriteriaId":"B481963F-0415-42C8-BB38-C1A8BDF4B9F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.16","matchCriteriaId":"3EAE013D-7AE4-4C7A-81A0-296FE00F12CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.10","matchCriteriaId":"4D7D031B-221B-4738-AC83-4FB92A106528"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.5","matchCriteriaId":"A71AD879-997D-4787-A1E9-E4132AC521E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"44CE8EE3-D64A-49C8-87D7-C18B302F864A"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-259","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-55591","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-14T14:15:34.450","lastModified":"2026-07-08T14:16:53.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module."},{"lang":"es","value":"Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo [CWE-288] que afecta a FortiOS versión 7.0.0 a 7.0.16 y FortiProxy versión 7.0.0 a 7.0.19 y 7.2.0 a 7.2.12 permite que un atacante remoto obtenga privilegios de superadministrador mediante solicitudes manipuladas al módulo websocket Node.js."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.12","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-23T04:55:44.336664Z","id":"CVE-2024-55591","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2025-01-14","cisaActionDue":"2025-01-21","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.20","matchCriteriaId":"1B14CD59-F557-48A0-8458-BECD3AD7DB3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.13","matchCriteriaId":"EDC18768-0891-465E-9900-3DF5D22A5CB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.17","matchCriteriaId":"BD357034-B2FD-4C2E-97FE-2C54D686D885"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535","source":"psirt@fortinet.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-55591","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2024-45331","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-16T09:15:06.500","lastModified":"2026-07-08T14:16:53.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.2, FortiAnalyzer Cloud 7.2.1 through 7.2.6, FortiAnalyzer Cloud 7.0 all versions, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.4.0 through 7.4.3, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions allows attacker to escalate privilege via specific shell commands"},{"lang":"es","value":"Una asignación de privilegios incorrecta en las versiones 7.4.0 a 7.4.3, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.15 de Fortinet FortiAnalyzer, las versiones 7.4.0 a 7.4.2, 7.2.0 a 7.2.5, 7.0.0 a 7.0.13, 6.4.0 a 6.4.15 de FortiManager, las versiones 7.4.1 a 7.4.2, 7.2.1 a 7.2.6, 7.0.1 a 7.0.13, 6.4.1 a 6.4.7 de FortiAnalyzer Cloud permite a un atacante escalar privilegios a través de comandos de shell específicos"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiAnalyzer Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortianalyzercloud:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortianalyzercloud:6.4.1:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.1","lessThanOrEqual":"7.4.2","versionType":"semver","status":"affected"},{"version":"7.2.1","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.1","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.1","lessThanOrEqual":"6.4.7","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiManager","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.2","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAnalyzer","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.3","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-16T14:17:17.440183Z","id":"CVE-2024-45331","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"F07BE2AB-5F28-4773-B9C3-1D76EA1C2D06"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"E6F162A7-0D01-43E0-99D8-D7B87B080853"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.1","versionEndExcluding":"7.2.7","matchCriteriaId":"38BFF3B9-3927-4B15-A573-4EDB20362841"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.3","matchCriteriaId":"40C3665B-3E49-4D0C-B924-266D49F1E510"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.2.6","matchCriteriaId":"71CC4AA3-04CC-49CA-A012-E28C4D1F11DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3AE9CAFD-5D5B-4799-8690-624225963595"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1","versionEndExcluding":"7.2.7","matchCriteriaId":"75DA0ED6-C606-4763-A7B0-575F8061237A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.1","versionEndExcluding":"7.4.4","matchCriteriaId":"164DEDC3-B1C0-42AC-9ADB-CE03CF6A71CC"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-127","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2024-48885","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-16T09:15:06.737","lastModified":"2026-07-08T14:16:53.783","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiVoice 7.0.0 through 7.0.4, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions, FortiWeb 7.6.0, FortiWeb 7.4.0 through 7.4.4, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions, FortiWeb 6.4 all versions allows attacker to escalate privilege via specially crafted packets."},{"lang":"es","value":" Una limitación incorrecta de una ruta de acceso a un directorio restringido (\"path traversal\") en Fortinet FortiRecorder versiones 7.2.0 a 7.2.1, 7.0.0 a 7.0.4, FortiWeb versiones 7.6.0, 7.4.0 a 7.4.4, 7.2.0 a 7.2.10, 7.0.0 a 7.0.10, 6.4.0 a 6.4.3, FortiVoice versiones 7.0.0 a 7.0.4, 6.4.0 a 6.4.9, 6.0.0 a 6.0.12 permite a un atacante escalar privilegios a través de paquetes especialmente manipulados."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiVoice","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortivoice:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.9","versionType":"semver","status":"affected"},{"version":"6.0.0","lessThanOrEqual":"6.0.12","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiRecorder","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortirecorder:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortirecorder:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.1","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.4","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiWeb","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.4","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.12","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.12","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-01-16T14:15:57.157206Z","id":"CVE-2024-48885","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.5","matchCriteriaId":"CD60BA50-3F98-46BF-97E8-28AB207DE12A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortirecorder:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.2","matchCriteriaId":"C0B0D078-2F52-46B4-B9C0-162447828E1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.4.10","matchCriteriaId":"BBF1E214-4BC5-47E8-BF02-072D6D830BAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortivoice:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.0.5","matchCriteriaId":"5EEE0DFA-DE31-4D26-AC98-6BCED8F008DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.5","matchCriteriaId":"CDB9CE13-AAF4-418C-BA26-1A0D53C5C1C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"28B43375-DA74-4C5F-BAEE-39F312EEF51F"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-259","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-24472","sourceIdentifier":"psirt@fortinet.com","published":"2025-02-11T17:15:34.867","lastModified":"2026-07-08T14:16:54.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests."},{"lang":"es","value":"Una vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo [CWE-288] que afecta a FortiOS 7.0.0 a 7.0.16 y FortiProxy 7.2.0 a 7.2.12, 7.0.0 a 7.0.19 puede permitir que un atacante remoto obtenga privilegios de superadministrador a través de solicitudes de proxy CSF manipuladas."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.2.0","lessThanOrEqual":"7.2.12","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-18T18:32:10.857001Z","id":"CVE-2025-24472","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2025-03-18","cisaActionDue":"2025-04-08","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability","weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.20","matchCriteriaId":"1B14CD59-F557-48A0-8458-BECD3AD7DB3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.13","matchCriteriaId":"EDC18768-0891-465E-9900-3DF5D22A5CB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.17","matchCriteriaId":"BD357034-B2FD-4C2E-97FE-2C54D686D885"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-535","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24472","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2025-6170","sourceIdentifier":"secalert@redhat.com","published":"2025-06-16T16:15:20.430","lastModified":"2026-07-08T15:16:24.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections."},{"lang":"es","value":"Se detectó una falla en el shell interactivo de la herramienta de línea de comandos xmllint, utilizada para analizar archivos XML. Cuando un usuario introduce un comando demasiado largo, el programa no verifica correctamente el tamaño de entrada, lo que puede provocar un bloqueo. Este problema podría permitir a los atacantes ejecutar código dañino en configuraciones poco comunes sin protecciones modernas."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.gnome.org/GNOME/libxml2/","packageName":"libxml2","versions":[{"version":"0","lessThan":"2.14.5","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.9.7-21.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:2.9.7-21.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"libxml2-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"2.15.2-0.3.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libxml2","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat JBoss Core Services","defaultStatus":"affected","collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","packageName":"libxml2","cpes":["cpe:/a:redhat:jboss_core_services:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM RST2428P","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"V4.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-16T16:05:03.613731Z","id":"CVE-2025-6170","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*","matchCriteriaId":"9B453CF7-9AA6-4B94-A003-BF7AE0B82F53"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xmlsoft:libxml2:-:*:*:*:*:*:*:*","matchCriteriaId":"61F6944D-0CFD-4525-8A80-3AB1360AE6F5"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36734","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:7519","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2025-6170","source":"secalert@redhat.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2372952","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libxml2/-/issues/941","source":"secalert@redhat.com"},{"url":"https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-253495.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-31366","sourceIdentifier":"psirt@fortinet.com","published":"2025-10-14T16:15:37.423","lastModified":"2026-07-08T13:16:24.753","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:25.2.a:*:*:*:*:*:*:*"],"versions":[{"version":"25.2.a","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.7","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.13","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.8","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.16","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.23","versionType":"semver","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-10-14T16:45:04.804545Z","id":"CVE-2025-31366","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.9","matchCriteriaId":"1B6548FD-E370-45D7-81D5-6EF892810052"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"C1C30E0D-7F09-42D2-9EB1-E2196BD50D75"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.6.4","matchCriteriaId":"4DA70753-E996-4081-9C13-7F60AC993B09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:feature:*:*:*","matchCriteriaId":"53197A72-5D08-4938-A415-72C573024BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:mature:*:*:*","matchCriteriaId":"2603C391-AEC6-450A-A30A-4F8682F9565D"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-542","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-864900.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-47890","sourceIdentifier":"psirt@fortinet.com","published":"2025-10-14T16:15:38.667","lastModified":"2026-07-08T13:16:24.977","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","cpes":["cpe:2.3:o:fortinet:fortios:7.6.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.6.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.19:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.18:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.17:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*","cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.8","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.13","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.19","versionType":"semver","status":"affected"},{"version":"6.4.0","lessThanOrEqual":"6.4.16","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiproxy:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.23:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.22:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.21:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.20:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.18:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.17:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.15:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.13:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.14","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.16","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.23","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSASE","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisase:25.2.a:*:*:*:*:*:*:*"],"versions":[{"version":"25.2.a","status":"affected"}]}]},{"source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","affectedData":[{"vendor":"Siemens","product":"RUGGEDCOM APE1808","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":2.6,"baseSeverity":"LOW","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-10-16T17:27:26.292358Z","id":"CVE-2025-47890","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.9","matchCriteriaId":"1B6548FD-E370-45D7-81D5-6EF892810052"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"C1C30E0D-7F09-42D2-9EB1-E2196BD50D75"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.6.4","matchCriteriaId":"4DA70753-E996-4081-9C13-7F60AC993B09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:feature:*:*:*","matchCriteriaId":"53197A72-5D08-4938-A415-72C573024BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisase:25.3.40:*:*:*:mature:*:*:*","matchCriteriaId":"2603C391-AEC6-450A-A30A-4F8682F9565D"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-542","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-864900.html","source":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}},{"cve":{"id":"CVE-2025-67288","sourceIdentifier":"cve@mitre.org","published":"2025-12-22T19:15:49.710","lastModified":"2026-07-08T17:17:19.793","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself. The Supplier also states that PDF JavaScript runs in a completely isolated sandbox, not the browser's DOM context, which means that privilege boundaries would not be crossed, a related issue to CVE-2023-49279."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-12-22T18:59:14.508768Z","id":"CVE-2025-67288","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:16.3.3:*:*:*:*:*:*:*","matchCriteriaId":"3219BD08-2A93-46BC-847C-493BE4220357"}]}]}],"references":[{"url":"https://github.com/vuquyen03/CVE/tree/main/CVE-2025-67288","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2025-69872","sourceIdentifier":"cve@mitre.org","published":"2026-02-11T19:15:50.360","lastModified":"2026-07-08T13:16:27.110","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache."},{"lang":"es","value":"DiskCache (python-diskcache) hasta la versión 5.6.3 utiliza Python pickle para la serialización por defecto. Un atacante con acceso de escritura al directorio de caché puede lograr ejecución de código arbitrario cuando una aplicación víctima lee de la caché."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI 3.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai:3.3::el9"]},{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AI (RHEL AI) 3","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:enterprise_linux_ai:3"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":5.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-12T15:11:02.221552Z","id":"CVE-2025-69872","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md","source":"cve@mitre.org"},{"url":"https://github.com/grantjenks/python-diskcache","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2026:36350","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:3713","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-69872","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439059","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69872.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20074","sourceIdentifier":"psirt@cisco.com","published":"2026-03-11T17:16:55.470","lastModified":"2026-07-08T19:07:12.303","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) multi-instance routing feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the IS-IS process to restart unexpectedly.\r\n\r\nThis vulnerability is due to insufficient input validation of ingress IS-IS packets. An attacker could exploit this vulnerability by sending crafted IS-IS packets to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the IS-IS process to restart unexpectedly, resulting in a temporary loss of connectivity to advertised networks and a denial of service (DoS) condition.\r\nNote: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and must have formed an adjacency.&nbsp;&nbsp;"},{"lang":"es","value":"Una vulnerabilidad en la función de enrutamiento multi-instancia de Intermediate System-to-Intermediate System (IS-IS) de Cisco IOS XR Software podría permitir a un atacante no autenticado y adyacente causar que el proceso IS-IS se reinicie inesperadamente.\n\nEsta vulnerabilidad se debe a una validación de entrada insuficiente de los paquetes IS-IS de entrada. Un atacante podría explotar esta vulnerabilidad enviando paquetes IS-IS manipulados a un dispositivo afectado después de formar una adyacencia. Un exploit exitoso podría permitir al atacante causar que el proceso IS-IS se reinicie inesperadamente, lo que resultaría en una pérdida temporal de conectividad a las redes anunciadas y una condición de denegación de servicio (DoS).\nNota: El protocolo IS-IS es un protocolo de enrutamiento. Para explotar esta vulnerabilidad, un atacante debe ser adyacente en Capa 2 al dispositivo afectado y debe haber formado una adyacencia."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco IOS XR Software","defaultStatus":"unknown","versions":[{"version":"7.8.1","status":"affected"},{"version":"7.9.1","status":"affected"},{"version":"7.10.1","status":"affected"},{"version":"7.8.2","status":"affected"},{"version":"7.8.22","status":"affected"},{"version":"7.9.2","status":"affected"},{"version":"7.11.1","status":"affected"},{"version":"7.9.21","status":"affected"},{"version":"7.10.2","status":"affected"},{"version":"24.1.1","status":"affected"},{"version":"7.11.2","status":"affected"},{"version":"24.2.1","status":"affected"},{"version":"24.1.2","status":"affected"},{"version":"24.2.11","status":"affected"},{"version":"24.3.1","status":"affected"},{"version":"24.4.1","status":"affected"},{"version":"24.2.2","status":"affected"},{"version":"7.8.23","status":"affected"},{"version":"7.11.21","status":"affected"},{"version":"24.2.20","status":"affected"},{"version":"24.3.2","status":"affected"},{"version":"24.4.10","status":"affected"},{"version":"25.1.1","status":"affected"},{"version":"24.4.2","status":"affected"},{"version":"24.3.20","status":"affected"},{"version":"24.4.15","status":"affected"},{"version":"25.2.1","status":"affected"},{"version":"25.1.2","status":"affected"},{"version":"24.3.30","status":"affected"},{"version":"24.4.30","status":"affected"},{"version":"24.2.21","status":"affected"},{"version":"25.2.15","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-11T17:04:46.266844Z","id":"CVE-2026-20074","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*","versionStartIncluding":"7.8.0","versionEndExcluding":"25.2.2","matchCriteriaId":"8352E25F-6467-4428-B677-013F64C9F130"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xr:25.3.0:*:*:*:*:*:*:*","matchCriteriaId":"1B34524C-985A-421D-91D8-3447294A44B3"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-isis-dos-kDMxpSzK","source":"psirt@cisco.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20117","sourceIdentifier":"psirt@cisco.com","published":"2026-03-11T17:16:55.973","lastModified":"2026-07-08T19:12:13.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface of an affected system does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Contact Center Express (Unified CCX) podría permitir a un atacante remoto no autenticado realizar ataques de cross-site scripting (XSS) contra un usuario de la interfaz.\n\nEsta vulnerabilidad existe porque la interfaz de gestión basada en web de un sistema afectado no valida suficientemente la entrada proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad inyectando código malicioso en páginas específicas de la interfaz. Un exploit exitoso podría permitir al atacante ejecutar código de script arbitrario en el contexto de la interfaz afectada o acceder a información sensible basada en el navegador."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Unified Contact Center Express","defaultStatus":"unknown","versions":[{"version":"10.5(1)SU1","status":"affected"},{"version":"10.6(1)","status":"affected"},{"version":"11.6(1)","status":"affected"},{"version":"10.6(1)SU1","status":"affected"},{"version":"10.6(1)SU3","status":"affected"},{"version":"11.6(2)","status":"affected"},{"version":"12.0(1)","status":"affected"},{"version":"11.0(1)SU1","status":"affected"},{"version":"11.5(1)SU1","status":"affected"},{"version":"10.5(1)","status":"affected"},{"version":"12.5(1)","status":"affected"},{"version":"12.5(1)SU1","status":"affected"},{"version":"12.5(1)SU2","status":"affected"},{"version":"12.5(1)SU3","status":"affected"},{"version":"12.5(1)_SU03_ES01","status":"affected"},{"version":"12.5(1)_SU03_ES02","status":"affected"},{"version":"12.5(1)_SU02_ES03","status":"affected"},{"version":"12.5(1)_SU02_ES04","status":"affected"},{"version":"12.5(1)_SU02_ES02","status":"affected"},{"version":"12.5(1)_SU01_ES02","status":"affected"},{"version":"12.5(1)_SU01_ES03","status":"affected"},{"version":"12.5(1)_SU02_ES01","status":"affected"},{"version":"11.6(2)ES07","status":"affected"},{"version":"11.6(2)ES08","status":"affected"},{"version":"12.5(1)_SU01_ES01","status":"affected"},{"version":"12.0(1)ES04","status":"affected"},{"version":"12.5(1)ES02","status":"affected"},{"version":"12.5(1)ES03","status":"affected"},{"version":"11.6(2)ES06","status":"affected"},{"version":"12.5(1)ES01","status":"affected"},{"version":"12.0(1)ES03","status":"affected"},{"version":"12.0(1)ES01","status":"affected"},{"version":"11.6(2)ES05","status":"affected"},{"version":"12.0(1)ES02","status":"affected"},{"version":"11.6(2)ES04","status":"affected"},{"version":"11.6(2)ES03","status":"affected"},{"version":"11.6(2)ES02","status":"affected"},{"version":"11.6(2)ES01","status":"affected"},{"version":"10.6(1)SU3ES03","status":"affected"},{"version":"11.0(1)SU1ES03","status":"affected"},{"version":"10.6(1)SU3ES01","status":"affected"},{"version":"10.5(1)SU1ES10","status":"affected"},{"version":"11.5(1)SU1ES03","status":"affected"},{"version":"11.6(1)ES02","status":"affected"},{"version":"11.5(1)ES01","status":"affected"},{"version":"10.6(1)SU2","status":"affected"},{"version":"10.6(1)SU2ES04","status":"affected"},{"version":"11.6(1)ES01","status":"affected"},{"version":"10.6(1)SU3ES02","status":"affected"},{"version":"11.5(1)SU1ES02","status":"affected"},{"version":"11.5(1)SU1ES01","status":"affected"},{"version":"11.0(1)SU1ES02","status":"affected"},{"version":"12.5(1)_SU03_ES03","status":"affected"},{"version":"12.5(1)_SU03_ES04","status":"affected"},{"version":"12.5(1)_SU03_ES05","status":"affected"},{"version":"UCCX 15.0.1","status":"affected"},{"version":"12.5(1)_SU03_ES06","status":"affected"},{"version":"12.5(1)_SU03_ES07","status":"affected"},{"version":"15.0(1)","status":"affected"},{"version":"15.0(1)ES01","status":"affected"},{"version":"15.0(1)ES-MSOauth","status":"affected"},{"version":"1501_ES01_CSCws06843","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-11T17:05:14.798354Z","id":"CVE-2026-20117","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*","versionEndIncluding":"15.0\\(1\\)ES01","matchCriteriaId":"6E7F7C37-40B9-40E2-A650-AFCD25B643FE"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-xss-MrNAH5Jh","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-69196","sourceIdentifier":"security-advisories@github.com","published":"2026-03-16T19:16:14.397","lastModified":"2026-07-08T13:16:26.740","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FastMCP is the standard framework for building MCP applications. Prior to version 2.14.2, the server does not properly respect the resource parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for the MCP server, the token is issued for the base_url passed to the OAuthProxy during initialization. This issue has been patched 2.14.2."},{"lang":"es","value":"FastMCP es el framework estándar para construir aplicaciones MCP. Antes de la versión 2.14.2, el servidor no respeta adecuadamente el parámetro de recurso enviado por el cliente en la solicitud de autorización y de token. En lugar de emitir el token explícitamente para el servidor MCP, el token se emite para la base_url pasada al OAuthProxy durante la inicialización. Este problema ha sido parcheado en 2.14.2."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"jlowin","product":"fastmcp","versions":[{"version":"< 2.14.2","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-16T19:09:19.463530Z","id":"CVE-2025-69196","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-1220"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.14.2","matchCriteriaId":"D20B7869-1019-4F0B-9135-0EE29889FF4F"}]}]}],"references":[{"url":"https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-5h2m-4q8j-pqpj","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36350","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-69196","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448179","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69196.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-23401","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-01T09:16:15.260","lastModified":"2026-07-08T13:16:30.563","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE\n\nWhen installing an emulated MMIO SPTE, do so *after* dropping/zapping the\nexisting SPTE (if it's shadow-present).  While commit a54aa15c6bda3 was\nright about it being impossible to convert a shadow-present SPTE to an\nMMIO SPTE due to a _guest_ write, it failed to account for writes to guest\nmemory that are outside the scope of KVM.\n\nE.g. if host userspace modifies a shadowed gPTE to switch from a memslot\nto emulted MMIO and then the guest hits a relevant page fault, KVM will\ninstall the MMIO SPTE without first zapping the shadow-present SPTE.\n\n  ------------[ cut here ]------------\n  is_shadow_present_pte(*sptep)\n  WARNING: arch/x86/kvm/mmu/mmu.c:484 at mark_mmio_spte+0xb2/0xc0 [kvm], CPU#0: vmx_ept_stale_r/4292\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 0 UID: 1000 PID: 4292 Comm: vmx_ept_stale_r Not tainted 7.0.0-rc2-eafebd2d2ab0-sink-vm #319 PREEMPT\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:mark_mmio_spte+0xb2/0xc0 [kvm]\n  Call Trace:\n   <TASK>\n   mmu_set_spte+0x237/0x440 [kvm]\n   ept_page_fault+0x535/0x7f0 [kvm]\n   kvm_mmu_do_page_fault+0xee/0x1f0 [kvm]\n   kvm_mmu_page_fault+0x8d/0x620 [kvm]\n   vmx_handle_exit+0x18c/0x5a0 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xc55/0x1c20 [kvm]\n   kvm_vcpu_ioctl+0x2d5/0x980 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0xb5/0x730\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n  RIP: 0033:0x47fa3f\n   </TASK>\n  ---[ end trace 0000000000000000 ]---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/mmu/mmu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"20656cd1f243d3a154aac5dd1b823110b6906fe1","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"ed5909992f344a7d3f4024261e9f751d9618a27d","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"fd28c5618699180cd69619801e9ae6a5266c0a22","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"459158151a158a6703b49f3c9de0e536d8bd553f","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"695320de6eadb75aaed8be1787c4ce4c189e4c7b","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"bce7fe59d43531623f3e43779127bfb33804925d","versionType":"git","status":"affected"},{"version":"a54aa15c6bda3ca7e2f9e040ba968a1da303e24f","lessThan":"aad885e774966e97b675dfe928da164214a71605","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/mmu/mmu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.13","status":"affected"},{"version":"0","lessThan":"5.13","versionType":"semver","status":"unaffected"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.131","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.80","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.21","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.11","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.4,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.13.1","versionEndExcluding":"5.15.203","matchCriteriaId":"CC3F58C6-09EC-41E6-8E82-613F5965C0DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.168","matchCriteriaId":"E2DDDCA1-6DAB-4018-B920-8F045DDD8D3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.131","matchCriteriaId":"CE6ED4D4-0046-4573-BFA9-D64143B6A89F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.80","matchCriteriaId":"97EB19EC-A11E-49C6-9D2F-6F6EC6CB98B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.21","matchCriteriaId":"ED39847A-3B46-4729-B7CA-B2C30B9FA8FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.11","matchCriteriaId":"4CA2E747-A9EC-4518-9AA2-B4247FC748B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.13:-:*:*:*:*:*:*","matchCriteriaId":"8F0E7012-0BA3-4E6A-ADE9-57973CBDEE28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*","matchCriteriaId":"512EE3A8-A590-4501-9A94-5D4B268D6138"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/20656cd1f243d3a154aac5dd1b823110b6906fe1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/459158151a158a6703b49f3c9de0e536d8bd553f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/695320de6eadb75aaed8be1787c4ce4c189e4c7b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aad885e774966e97b675dfe928da164214a71605","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bce7fe59d43531623f3e43779127bfb33804925d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed5909992f344a7d3f4024261e9f751d9618a27d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fd28c5618699180cd69619801e9ae6a5266c0a22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:13577","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13578","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13932","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13936","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14137","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14230","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14339","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:15883","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19521","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19568","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19569","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19875","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20593","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36531","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36533","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-23401","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453803","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-23401.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20042","sourceIdentifier":"psirt@cisco.com","published":"2026-04-01T17:28:26.173","lastModified":"2026-07-08T13:24:15.127","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information.\r\n\r\nThis vulnerability exists because authentication details are included in the encrypted backup files. An attacker with a valid backup file and encryption password from an affected device could decrypt the backup file. The attacker could then use the authentication details in the backup file to access internal-only APIs on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as the root user."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Nexus Dashboard","defaultStatus":"unknown","versions":[{"version":"1.1(3e)","status":"affected"},{"version":"1.1(3c)","status":"affected"},{"version":"1.1(3d)","status":"affected"},{"version":"1.1(0d)","status":"affected"},{"version":"1.1(2i)","status":"affected"},{"version":"2.0(1b)","status":"affected"},{"version":"1.1(2h)","status":"affected"},{"version":"1.1(0c)","status":"affected"},{"version":"1.1(3f)","status":"affected"},{"version":"2.1(1d)","status":"affected"},{"version":"2.1(1e)","status":"affected"},{"version":"2.0(2g)","status":"affected"},{"version":"2.0(2h)","status":"affected"},{"version":"2.1(2d)","status":"affected"},{"version":"2.0(1d)","status":"affected"},{"version":"2.2(1h)","status":"affected"},{"version":"2.2(1e)","status":"affected"},{"version":"2.2(2d)","status":"affected"},{"version":"2.1(2f)","status":"affected"},{"version":"2.3(1c)","status":"affected"},{"version":"2.3(2b)","status":"affected"},{"version":"2.3(2c)","status":"affected"},{"version":"2.3(2d)","status":"affected"},{"version":"2.3(2e)","status":"affected"},{"version":"3.0(1f)","status":"affected"},{"version":"3.0(1i)","status":"affected"},{"version":"3.1(1k)","status":"affected"},{"version":"3.1(1l)","status":"affected"},{"version":"3.2(1e)","status":"affected"},{"version":"3.2(1i)","status":"affected"},{"version":"3.3(1a)","status":"affected"},{"version":"3.3(1b)","status":"affected"},{"version":"3.3(2b)","status":"affected"},{"version":"4.0(1i)","status":"affected"},{"version":"3.3(2g)","status":"affected"},{"version":"3.2(2f)","status":"affected"},{"version":"3.2(2g)","status":"affected"},{"version":"3.2(2m)","status":"affected"},{"version":"3.1(1n)","status":"affected"},{"version":"4.1(1g)","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-01T00:00:00+00:00","id":"CVE-2026-20042","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:nexus_dashboard:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.1","matchCriteriaId":"0045E301-38B4-4B35-96E4-A3F0F844AE3B"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-cbid-5YqkOSHu","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20151","sourceIdentifier":"psirt@cisco.com","published":"2026-04-01T17:28:31.097","lastModified":"2026-07-08T13:25:32.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\n\r\nThis vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative.\r\nTo exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User.\r\nNote: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Smart Software Manager On-Prem","defaultStatus":"unknown","versions":[{"version":"7-202001","status":"affected"},{"version":"8-202004","status":"affected"},{"version":"8-202006","status":"affected"},{"version":"8-202012","status":"affected"},{"version":"8-202010","status":"affected"},{"version":"8-202008","status":"affected"},{"version":"9-202201","status":"affected"},{"version":"8-202102","status":"affected"},{"version":"8-202105","status":"affected"},{"version":"8-202108","status":"affected"},{"version":"8-202112","status":"affected"},{"version":"8-202201","status":"affected"},{"version":"8-202206","status":"affected"},{"version":"8-202212","status":"affected"},{"version":"8-202302","status":"affected"},{"version":"8-202303","status":"affected"},{"version":"8-202304","status":"affected"},{"version":"8-202308","status":"affected"},{"version":"8-202401","status":"affected"},{"version":"8-202404","status":"affected"},{"version":"9-202406","status":"affected"},{"version":"9-202407","status":"affected"},{"version":"9-202410","status":"affected"},{"version":"9-202412","status":"affected"},{"version":"9-202501","status":"affected"},{"version":"9-202502","status":"affected"},{"version":"9-202504","status":"affected"},{"version":"9-202507","status":"affected"},{"version":"9-202510","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-01T00:00:00+00:00","id":"CVE-2026-20151","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:smart_software_manager_on-prem:*:*:*:*:*:*:*:*","versionEndExcluding":"9-202601","matchCriteriaId":"D2F0EA7E-9F9D-4A2A-B64D-8335F4A169E3"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-xRAnOuO8","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-32871","sourceIdentifier":"security-advisories@github.com","published":"2026-04-02T15:16:38.740","lastModified":"2026-07-08T13:16:36.240","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the _build_url() method. When an OpenAPI operation defines path parameters (e.g., /api/v1/users/{user_id}), the system directly substitutes parameter values into the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() resolves the final URL. Since urljoin() interprets ../ sequences as directory traversal, an attacker controlling a path parameter can perform path traversal attacks to escape the intended API prefix and access arbitrary backend endpoints. This results in authenticated SSRF, as requests are sent with the authorization headers configured in the MCP provider. This issue has been patched in version 3.2.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"PrefectHQ","product":"fastmcp","versions":[{"version":"< 3.2.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Satellite 6.18","defaultStatus":"affected","cpes":["cpe:/a:redhat:satellite:6.18::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-02T15:59:21.963304Z","id":"CVE-2026-32871","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jlowin:fastmcp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"4247F36F-7D37-47DF-A475-E607F1BAD799"}]}]}],"references":[{"url":"https://github.com/PrefectHQ/fastmcp/commit/40bdfb6b1de0ce30609ee9ba5bb95ecd04a9fb71","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/PrefectHQ/fastmcp/pull/3507","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/PrefectHQ/fastmcp/releases/tag/v3.2.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36350","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-32871","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454434","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/PrefectHQ/fastmcp/security/advisories/GHSA-vv7q-7jx5-f767","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32871.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-31402","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-03T16:16:39.283","lastModified":"2026-07-08T13:16:34.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/nfsd/nfs4xdr.c","fs/nfsd/state.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f9fcb4441f6c02bb20c2eb340101e27dfe23607c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2665887a69437a8a4f552f69509eecfb73d4aa19","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c9452c0797c95cf2378170df96cf4f4b3bca7eff","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8afb437ea1f70cacb4bbdf11771fb5c4d720b965","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"0f0e2a54a31a7f9ad2915db99156114872317388","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ae8498337dfdfda71bdd0b807c9a23a126011d76","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5133b61aaf437e5f25b1b396b14242a6bb0508e2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/nfsd/nfs4xdr.c","fs/nfsd/state.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.167","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.130","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.20","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.10","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for Real Time (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_extras_rt_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.253","matchCriteriaId":"5F0E43E1-33E5-4828-9B4A-F710AF2E7217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"6.1.167","matchCriteriaId":"56D62904-7C85-4BED-9EC0-3982B880F72D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.130","matchCriteriaId":"C57BB918-DF28-46B3-94F7-144176841267"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.78","matchCriteriaId":"28D591F5-B196-4CC9-905C-DC80F116E7A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.20","matchCriteriaId":"E5571059-6552-48E7-9BEF-3E358C387171"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.10","matchCriteriaId":"96D34333-38BE-4414-9E79-6EB764329581"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2665887a69437a8a4f552f69509eecfb73d4aa19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae8498337dfdfda71bdd0b807c9a23a126011d76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9452c0797c95cf2378170df96cf4f4b3bca7eff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f9fcb4441f6c02bb20c2eb340101e27dfe23607c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:10108","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:11313","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13565","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13566","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13577","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13578","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13664","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13681","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13734","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:13936","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14137","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14165","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14301","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14823","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14869","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:14925","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:15883","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19568","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19569","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36531","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36533","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-31402","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454844","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31402.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5590","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-04-05T04:16:16.370","lastModified":"2026-07-08T13:38:21.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been released. If tcp_conn_search() returns NULL while processing a SYN packet, a NULL pointer derived from stale context data is passed to tcp_backlog_is_full() and dereferenced without validation, leading to a crash."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-06T14:21:53.207121Z","id":"CVE-2026-5590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4vqm-pw24-g9jp","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-39848","sourceIdentifier":"security-advisories@github.com","published":"2026-04-09T22:16:34.407","lastModified":"2026-07-08T14:42:35.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"10ij","product":"dockyard","versions":[{"version":"< 1.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-10T13:54:19.256778Z","id":"CVE-2026-39848","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:10ij:dockyard:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.0","matchCriteriaId":"3015DA96-86AA-4CE0-B7E7-4C6E3159E02E"}]}]}],"references":[{"url":"https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2026-5724","sourceIdentifier":"security@temporal.io","published":"2026-04-10T21:16:28.497","lastModified":"2026-07-08T20:17:00.123","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests without credentials. This endpoint is registered on the same port as WorkflowService and cannot be disabled independently. An attacker with network access to the frontend port could open the replication stream without authentication. Data exfiltration is possible, but  only when a configured replication target is correctly configured and the attacker has knowledge of the cluster configuration, as the history service validates cluster IDs and peer membership before returning replication data.\n\n\n\n\nThe fix was applied per release line: it is present in 1.28.4, 1.29.6, 1.30.4, 1.31.2, and 1.32.0 and later releases on each line. Releases 1.31.0 and 1.31.1 do not contain the fix and are affected.\n\n\n\n\nTemporal Cloud is not affected."}],"affected":[{"source":"security@temporal.io","affectedData":[{"vendor":"Temporal Technologies, Inc.","product":"temporal","defaultStatus":"unaffected","collectionURL":"https://github.com","packageName":"temporal","repo":"https://github.com/temporalio/temporal","versions":[{"version":"1.24.0","lessThan":"1.28.4","versionType":"semver","status":"affected"},{"version":"1.29.0","lessThan":"1.29.6","versionType":"semver","status":"affected"},{"version":"1.30.0","lessThan":"1.30.4","versionType":"semver","status":"affected"},{"version":"1.31.0","lessThan":"1.31.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@temporal.io","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:X/RE:L/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"NO","Recovery":"USER","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T16:10:36.242097Z","id":"CVE-2026-5724","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@temporal.io","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/temporalio/temporal/releases/tag/v1.28.4","source":"security@temporal.io"},{"url":"https://github.com/temporalio/temporal/releases/tag/v1.29.6","source":"security@temporal.io"},{"url":"https://github.com/temporalio/temporal/releases/tag/v1.30.4","source":"security@temporal.io"},{"url":"https://github.com/temporalio/temporal/releases/tag/v1.31.2","source":"security@temporal.io"}]}},{"cve":{"id":"CVE-2026-31419","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-04-13T14:16:11.447","lastModified":"2026-07-08T13:16:34.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix use-after-free in bond_xmit_broadcast()\n\nbond_xmit_broadcast() reuses the original skb for the last slave\n(determined by bond_is_last_slave()) and clones it for others.\nConcurrent slave enslave/release can mutate the slave list during\nRCU-protected iteration, changing which slave is \"last\" mid-loop.\nThis causes the original skb to be double-consumed (double-freed).\n\nReplace the racy bond_is_last_slave() check with a simple index\ncomparison (i + 1 == slaves_count) against the pre-snapshot slave\ncount taken via READ_ONCE() before the loop.  This preserves the\nzero-copy optimization for the last slave while making the \"last\"\ndetermination stable against concurrent list mutations.\n\nThe UAF can trigger the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in skb_clone\nRead of size 8 at addr ffff888100ef8d40 by task exploit/147\n\nCPU: 1 UID: 0 PID: 147 Comm: exploit Not tainted 7.0.0-rc3+ #4 PREEMPTLAZY\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:123)\n print_report (mm/kasan/report.c:379 mm/kasan/report.c:482)\n kasan_report (mm/kasan/report.c:597)\n skb_clone (include/linux/skbuff.h:1724 include/linux/skbuff.h:1792 include/linux/skbuff.h:3396 net/core/skbuff.c:2108)\n bond_xmit_broadcast (drivers/net/bonding/bond_main.c:5334)\n bond_start_xmit (drivers/net/bonding/bond_main.c:5567 drivers/net/bonding/bond_main.c:5593)\n dev_hard_start_xmit (include/linux/netdevice.h:5325 include/linux/netdevice.h:5334 net/core/dev.c:3871 net/core/dev.c:3887)\n __dev_queue_xmit (include/linux/netdevice.h:3601 net/core/dev.c:4838)\n ip6_finish_output2 (include/net/neighbour.h:540 include/net/neighbour.h:554 net/ipv6/ip6_output.c:136)\n ip6_finish_output (net/ipv6/ip6_output.c:208 net/ipv6/ip6_output.c:219)\n ip6_output (net/ipv6/ip6_output.c:250)\n ip6_send_skb (net/ipv6/ip6_output.c:1985)\n udp_v6_send_skb (net/ipv6/udp.c:1442)\n udpv6_sendmsg (net/ipv6/udp.c:1733)\n __sys_sendto (net/socket.c:730 net/socket.c:742 net/socket.c:2206)\n __x64_sys_sendto (net/socket.c:2209)\n do_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n </TASK>\n\nAllocated by task 147:\n\nFreed by task 147:\n\nThe buggy address belongs to the object at ffff888100ef8c80\n which belongs to the cache skbuff_head_cache of size 224\nThe buggy address is located 192 bytes inside of\n freed 224-byte region [ffff888100ef8c80, ffff888100ef8d60)\n\nMemory state around the buggy address:\n ffff888100ef8c00: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888100ef8c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff888100ef8d00: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc\n                                                    ^\n ffff888100ef8d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb\n ffff888100ef8e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n=================================================================="}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/bonding/bond_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"2de5c8eea0a9db99dae7c36f4b541b74b41d3a04","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"a0f661918edc79d7a75e468128af8d41e2a1a83a","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"d4cc7e4c80b1634c7b1497574a2fdb18df6c026c","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"f5b94654a4a19891a8108d66ef166de6c028c6cd","versionType":"git","status":"affected"},{"version":"4e5bd03ae34652cd932ab4c91c71c511793df75c","lessThan":"2884bf72fb8f03409e423397319205de48adca16","versionType":"git","status":"affected"},{"version":"20949c3816463e97c6f8fe84c0280c7e5ae83a8d","versionType":"git","status":"affected"},{"version":"f1d206181f19b00b275b258fea1418718a2f4173","versionType":"git","status":"affected"},{"version":"c1f1691ef84fa6d38fa5e5148eca073145e97ffa","versionType":"git","status":"affected"},{"version":"5.10.94","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.15.17","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"5.16.3","lessThan":"5.17","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/bonding/bond_main.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.94","versionEndExcluding":"5.11","matchCriteriaId":"D97173A0-CD12-4773-B2F5-A9037AAB0383"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.17","versionEndExcluding":"5.16","matchCriteriaId":"FE141E86-782B-4D36-B214-2FB7AC66A083"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.3","versionEndExcluding":"5.17","matchCriteriaId":"7532EA4E-6958-4B4C-8270-4601DA8D95B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.86","matchCriteriaId":"E9F33D27-F3AA-49EF-8A71-D0AA86C50602"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.22","matchCriteriaId":"C9DF8BCE-36D3-475D-9D21-19E4F02F9029"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.12","matchCriteriaId":"0A2B9540-02D5-41B4-B16A-82AF66FD4F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2884bf72fb8f03409e423397319205de48adca16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2de5c8eea0a9db99dae7c36f4b541b74b41d3a04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/a0f661918edc79d7a75e468128af8d41e2a1a83a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d4cc7e4c80b1634c7b1497574a2fdb18df6c026c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5b94654a4a19891a8108d66ef166de6c028c6cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:13566","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:19521","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:21209","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22334","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:22940","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:23224","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25191","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27353","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:27354","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35870","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36172","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36530","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36531","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36533","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36534","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-31419","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457829","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31419.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-21742","sourceIdentifier":"psirt@fortinet.com","published":"2026-04-14T16:16:35.930","lastModified":"2026-07-08T13:16:30.300","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSOAR on-premise","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.1","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSOAR PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.1","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-14T16:35:12.570489Z","id":"CVE-2026-21742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.5.3","matchCriteriaId":"CD42D7DF-B095-44E1-B7E1-D203678DF740"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"6E11F916-A349-4C7F-8F39-2A3C9F2FB006"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-106","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-22155","sourceIdentifier":"psirt@fortinet.com","published":"2026-04-14T16:16:36.267","lastModified":"2026-07-08T13:16:30.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow attacker to information disclosure via <insert attack vector here>"}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSOAR PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoarpaas:7.6.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoarpaas:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.3","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSOAR on-premise","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisoaron-premise:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.5.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisoaron-premise:7.3.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.5.0","lessThanOrEqual":"7.5.1","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.3.0","lessThanOrEqual":"7.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-14T16:34:58.769731Z","id":"CVE-2026-22155","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3.0","versionEndExcluding":"7.5.3","matchCriteriaId":"CD42D7DF-B095-44E1-B7E1-D203678DF740"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.4","matchCriteriaId":"6E11F916-A349-4C7F-8F39-2A3C9F2FB006"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-106","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20147","sourceIdentifier":"psirt@cisco.com","published":"2026-04-15T17:17:02.410","lastModified":"2026-07-08T14:20:19.670","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"},{"version":"3.4 Patch 5","status":"affected"},{"version":"3.5 Patch 2","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T00:00:00+00:00","id":"CVE-2026-20147","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"BB8FD39E-819E-48CB-AD6C-2F9F6AEF600E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"006E0D77-534C-447F-8E97-EC0AB906D978"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"AC07A742-D194-425C-945C-3977E96B61B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"00D4B446-EDCE-41DC-A03B-97D8A371B0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"97787372-9A0D-4916-A7A2-19237B84419F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"2E2D9D7C-A36E-489D-A2E1-ACE9E9C399BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"3ABA57DA-78C9-489B-88E5-6E5275E53388"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2ABFB0CE-60CF-4969-A91E-186F457C8014"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B8CF7EF0-FBAA-47C7-8386-F67264CA8D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5F08ACD7-2867-428A-966C-6509283FCA10"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"B365970F-9239-45F8-80C6-DA426FCA2E32"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"5A66142F-712F-4EFA-9FC4-E499D3015DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"50D8B7DD-14A8-4C67-8B32-E1F9C7D9C01E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"CB65DFF8-33D8-4840-8A63-7C4797FF0B51"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"890FDA62-DED9-401B-9D44-26F3624118CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"604079BA-78F5-4D20-AF27-E7A9A899DA0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"25344C6F-8EB6-4709-A51B-DCA26AA885E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51DE5AD0-5DFA-460D-B22D-0F5E367A9A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"683F2E87-9759-4A98-B7C9-489E74837D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"22BF8687-84E4-4609-8100-FD2408DF3247"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"19F88640-BC3E-42D2-ADDC-59114974103C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"40A94055-EF01-4799-813D-7BFFDD13C685"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"FB15AE6D-F4EF-40AD-A88E-D22612AEF2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"40239DA8-43B6-466B-85B0-6D644D7027D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"9118B7ED-E678-47C3-9D17-F522D9362B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"C2ED3257-CB9D-4FD5-A482-3648CF292128"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"3283F4AC-CAD8-49B7-956E-05B1C1672A42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"7A789B44-7E6C-4FE9-BD40-702A871AB8AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"93920663-445E-4456-A905-81CEC6CA1833"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"DF9CCBFA-0004-48F7-B142-6FDD4B3E1081"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"33DA5BB8-4CFE-44BD-9CEB-BC26577E8477"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"D3AEFA85-66B5-4145-A4AD-96D1FF86B46D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"E939B65A-7912-4C36-8799-03A1526D7BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"833B438F-0869-4C0D-9952-750C00702E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"E8B2588D-01F9-450B-B2E3-ADC4125E354E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"654E946A-07C5-4036-BC54-85EF42B808DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"4ED98020-7BAF-4E5E-8B7B-22537200C283"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"4C6839DC-F3A2-4133-BF60-2E678E6DD4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"43F3A55D-D4FC-4D93-9513-94B64B21A2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"22B752D1-9E8F-4FB7-8EEB-F9234492372B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"85A1CC7D-FE54-4AC0-B98F-972C4B1F3189"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20148","sourceIdentifier":"psirt@cisco.com","published":"2026-04-15T17:17:02.637","lastModified":"2026-07-08T14:20:10.177","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials.\r\n\r\nThis vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.4 Patch 4","status":"affected"},{"version":"3.3 Patch 8","status":"affected"},{"version":"3.2 Patch 8","status":"affected"},{"version":"3.5 Patch 1","status":"affected"},{"version":"3.3 Patch 9","status":"affected"},{"version":"3.2 Patch 9","status":"affected"}]},{"vendor":"Cisco","product":"Cisco ISE Passive Identity Connector","defaultStatus":"unknown","versions":[{"version":"3.2.0","status":"affected"},{"version":"3.1.0","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.4.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T16:50:58.114801Z","id":"CVE-2026-20148","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"742B3761-9FD6-4E67-BDDD-D4DD2C3111D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"7A789B44-7E6C-4FE9-BD40-702A871AB8AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"93920663-445E-4456-A905-81CEC6CA1833"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"DF9CCBFA-0004-48F7-B142-6FDD4B3E1081"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"33DA5BB8-4CFE-44BD-9CEB-BC26577E8477"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"D3AEFA85-66B5-4145-A4AD-96D1FF86B46D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"E939B65A-7912-4C36-8799-03A1526D7BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"833B438F-0869-4C0D-9952-750C00702E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"E8B2588D-01F9-450B-B2E3-ADC4125E354E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"654E946A-07C5-4036-BC54-85EF42B808DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"4ED98020-7BAF-4E5E-8B7B-22537200C283"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"4C6839DC-F3A2-4133-BF60-2E678E6DD4A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"43F3A55D-D4FC-4D93-9513-94B64B21A2B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"22B752D1-9E8F-4FB7-8EEB-F9234492372B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"85A1CC7D-FE54-4AC0-B98F-972C4B1F3189"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"D3727619-E0CA-4CA9-BE35-0C732BCF1741"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2CFB7565-3930-409C-B5DB-CE77E6ED7C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2610FD35-BC4B-41B7-9C92-E6E5264FEE54"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"3FEE4377-B238-4442-9892-28CECFB2319E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"6598563B-7E32-43FB-96A7-88C53E4CE226"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"BB8FD39E-819E-48CB-AD6C-2F9F6AEF600E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:-:*:*:*:*:*:*","matchCriteriaId":"006E0D77-534C-447F-8E97-EC0AB906D978"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch1:*:*:*:*:*:*","matchCriteriaId":"AC07A742-D194-425C-945C-3977E96B61B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch10:*:*:*:*:*:*","matchCriteriaId":"00D4B446-EDCE-41DC-A03B-97D8A371B0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch2:*:*:*:*:*:*","matchCriteriaId":"97787372-9A0D-4916-A7A2-19237B84419F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch3:*:*:*:*:*:*","matchCriteriaId":"2E2D9D7C-A36E-489D-A2E1-ACE9E9C399BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch4:*:*:*:*:*:*","matchCriteriaId":"3ABA57DA-78C9-489B-88E5-6E5275E53388"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch5:*:*:*:*:*:*","matchCriteriaId":"2ABFB0CE-60CF-4969-A91E-186F457C8014"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B8CF7EF0-FBAA-47C7-8386-F67264CA8D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5F08ACD7-2867-428A-966C-6509283FCA10"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch8:*:*:*:*:*:*","matchCriteriaId":"B365970F-9239-45F8-80C6-DA426FCA2E32"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch9:*:*:*:*:*:*","matchCriteriaId":"5A66142F-712F-4EFA-9FC4-E499D3015DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"50D8B7DD-14A8-4C67-8B32-E1F9C7D9C01E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"CB65DFF8-33D8-4840-8A63-7C4797FF0B51"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"890FDA62-DED9-401B-9D44-26F3624118CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"604079BA-78F5-4D20-AF27-E7A9A899DA0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"25344C6F-8EB6-4709-A51B-DCA26AA885E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51DE5AD0-5DFA-460D-B22D-0F5E367A9A28"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"683F2E87-9759-4A98-B7C9-489E74837D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"22BF8687-84E4-4609-8100-FD2408DF3247"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch8:*:*:*:*:*:*","matchCriteriaId":"19F88640-BC3E-42D2-ADDC-59114974103C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch9:*:*:*:*:*:*","matchCriteriaId":"40A94055-EF01-4799-813D-7BFFDD13C685"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch10:*:*:*:*:*:*","matchCriteriaId":"FB15AE6D-F4EF-40AD-A88E-D22612AEF2A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"40239DA8-43B6-466B-85B0-6D644D7027D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch8:*:*:*:*:*:*","matchCriteriaId":"9118B7ED-E678-47C3-9D17-F522D9362B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch9:*:*:*:*:*:*","matchCriteriaId":"C2ED3257-CB9D-4FD5-A482-3648CF292128"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"62F25185-D19E-4EC5-8A68-7AB669B76E90"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"C457D2EC-FB63-49B7-A90E-CE67ED763BAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch4:*:*:*:*:*:*","matchCriteriaId":"6566330F-A048-44A1-9821-7A5844C82CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch5:*:*:*:*:*:*","matchCriteriaId":"1154F196-2CB3-4AC2-BE00-11A8942EA999"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:-:*:*:*:*:*:*","matchCriteriaId":"2A7003EB-C578-4C02-B768-F8C4C8421382"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch1:*:*:*:*:*:*","matchCriteriaId":"16B32F60-CEB7-4816-AA7C-3130D1053DC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.5.0:patch2:*:*:*:*:*:*","matchCriteriaId":"755761D7-8DDD-4219-8E37-FA535757710A"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-traversal-8bYndVrZ","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-20180","sourceIdentifier":"psirt@cisco.com","published":"2026-04-15T17:17:03.460","lastModified":"2026-07-08T14:24:46.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to&nbsp;root. In single-node ISE deployments, successful exploitation of these vulnerabilities could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Identity Services Engine Software","defaultStatus":"unknown","versions":[{"version":"3.1.0","status":"affected"},{"version":"3.1.0 p1","status":"affected"},{"version":"3.1.0 p3","status":"affected"},{"version":"3.1.0 p2","status":"affected"},{"version":"3.2.0","status":"affected"},{"version":"3.1.0 p4","status":"affected"},{"version":"3.1.0 p5","status":"affected"},{"version":"3.2.0 p1","status":"affected"},{"version":"3.1.0 p6","status":"affected"},{"version":"3.2.0 p2","status":"affected"},{"version":"3.1.0 p7","status":"affected"},{"version":"3.3.0","status":"affected"},{"version":"3.2.0 p3","status":"affected"},{"version":"3.2.0 p4","status":"affected"},{"version":"3.1.0 p8","status":"affected"},{"version":"3.2.0 p5","status":"affected"},{"version":"3.2.0 p6","status":"affected"},{"version":"3.1.0 p9","status":"affected"},{"version":"3.3 Patch 2","status":"affected"},{"version":"3.3 Patch 1","status":"affected"},{"version":"3.3 Patch 3","status":"affected"},{"version":"3.4.0","status":"affected"},{"version":"3.2.0 p7","status":"affected"},{"version":"3.3 Patch 4","status":"affected"},{"version":"3.4 Patch 1","status":"affected"},{"version":"3.1.0 p10","status":"affected"},{"version":"3.3 Patch 5","status":"affected"},{"version":"3.3 Patch 6","status":"affected"},{"version":"3.4 Patch 2","status":"affected"},{"version":"3.3 Patch 7","status":"affected"},{"version":"3.4 Patch 3","status":"affected"},{"version":"3.5.0","status":"affected"},{"version":"3.2 Patch 8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-15T00:00:00+00:00","id":"CVE-2026-20180","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.0","matchCriteriaId":"68181711-C28D-4464-8C67-0A4FA0F338BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*","matchCriteriaId":"7932D5D5-83E1-4BEF-845A-D0783D4BB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*","matchCriteriaId":"1B818846-4A6E-4256-B344-281E8C786C43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*","matchCriteriaId":"A44858A2-922A-425A-8B38-0C47DB911A3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*","matchCriteriaId":"53484A32-757B-42F8-B655-554C34222060"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*","matchCriteriaId":"0CCAC61F-C273-49B3-A631-31D3AE3EB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*","matchCriteriaId":"51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*","matchCriteriaId":"B452B4F0-8510-475E-9AE8-B48FABB4D7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*","matchCriteriaId":"5733512D-12B5-4098-AF90-9D68217FAC27"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch7:*:*:*:*:*:*","matchCriteriaId":"D4B14684-EB9E-405B-85FA-B62E57CB292C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch2:*:*:*:*:*:*","matchCriteriaId":"CD05FF93-7B8C-4283-9DB7-E03FE98FAADF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch3:*:*:*:*:*:*","matchCriteriaId":"0F9B6A8E-E773-44A3-9266-878F0C58EB41"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40938","sourceIdentifier":"security-advisories@github.com","published":"2026-04-21T21:16:46.283","lastModified":"2026-07-08T13:16:41.590","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"tektoncd","product":"pipeline","versions":[{"version":">= 1.0.0, < 1.0.2","status":"affected"},{"version":">= 1.2.0, < 1.3.4","status":"affected"},{"version":">= 1.4.0, < 1.6.2","status":"affected"},{"version":">= 1.7.0, < 1.9.3","status":"affected"},{"version":">= 1.10.0, < 1.11.1","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.7.4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.8.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_builds:1.8::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Pipelines 1.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1.21::el9"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"OpenShift Serverless","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:serverless:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Virtualization 4","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:container_native_virtualization:4"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-22T18:31:54.871943Z","id":"CVE-2026-40938","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:tekton_pipelines:*:*:*:*:*:go:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.11.0","matchCriteriaId":"64DC28D5-E9D3-4D6A-8006-ADDE91D144BA"}]}]}],"references":[{"url":"https://github.com/tektoncd/pipeline/releases/tag/v1.11.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:17546","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24359","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:24484","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26519","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26538","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-40938","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460292","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40938.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-0711","sourceIdentifier":"security@zyxel.com.tw","published":"2026-04-28T03:16:02.167","lastModified":"2026-07-08T15:26:09.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A post-authentication command injection vulnerability in the EasyMesh-related APIs of Zyxel DX3300-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated, adjacent attacker with administrator privileges to execute OS commands on an affected device."}],"affected":[{"source":"security@zyxel.com.tw","affectedData":[{"vendor":"Zyxel","product":"DX3300-T0 firmware","defaultStatus":"unaffected","versions":[{"version":"<= 5.50(ABVY.7.1)C0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T00:00:00+00:00","id":"CVE-2026-0711","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nr5307_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2.00\\(acjt.3\\)c0","matchCriteriaId":"E3CFB41B-C3A8-42FC-98F2-D0CA9FC4B2C5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nr5307:-:*:*:*:*:*:*:*","matchCriteriaId":"27C408EF-36D8-4111-8CC5-C1278A884F67"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acpz.0\\)v0","matchCriteriaId":"82904F03-AE99-434C-AFDD-8AC6605269AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa515:-:*:*:*:*:*:*:*","matchCriteriaId":"7C814005-F021-4AFC-8043-0B00EED3FBA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"3D1FA8F1-2B41-41AA-82DD-97A8CE957A57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"6D3E176E-F728-4385-8533-4C694D43898A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"A30578C5-2232-4596-ADD3-3826D5AC7298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"2456F691-C182-4BE6-A08F-5E1717366DCA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"4D323A56-1FC9-4B18-A73B-83369558039A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"3BBDC072-5D40-4130-9B5F-22FDA9BF909A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx5401-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"333EADF7-021A-447E-A741-20924B05E874"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx5401-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"B293E564-2C48-442A-A415-34383DF3ADBA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"A1166223-0BC7-44A9-9941-D22EFFEE903D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmu.3.1\\)c0","matchCriteriaId":"5C612237-6809-4820-97A2-D7A1E177971F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"6360F4D5-AFA7-4BE2-A3DE-8936453FF7ED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acld.3.1\\)c0","matchCriteriaId":"78231491-3C65-47AD-9F59-1CDD5EF3A381"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee5301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B28CD570-8DF0-428D-9EF6-87B05DD019D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19\\(acjq.4.2\\)c0","matchCriteriaId":"CB6321BA-7B09-4758-A55C-55EBD73ED6B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*","matchCriteriaId":"CD4AE46D-E374-4224-9A66-4291B6A10C00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"6D365F50-DE02-4861-AB54-67CEBC7E634C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"9259E2F6-885D-4B44-8D40-20758DA599D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"8C47A92E-1595-4A9F-A10E-F6195CD4CD46"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"F3ECE0EB-C429-4716-ABFB-73540847EB9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C4E173F5-57FA-429E-8CAA-E47D6CA79436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"137F8B94-4176-4D9B-8704-28525E7352D1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C41A2CEB-DD8A-4396-809A-F4C5259373B8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"F766221F-7478-4E39-B4CD-A2498ACEE754"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C413302B-9472-4C39-A5A2-3C3F18D8A4DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"94FC0334-D656-419E-9F6F-CE1F0BB63880"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"8714EB1B-38E5-4295-AD26-EE13E2161DEA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"38BB03D3-A558-484C-AB85-707763F8853F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"A98F76BD-0404-46DD-AE6A-EB630FEC8904"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acif.3\\)c0","matchCriteriaId":"4E52AF49-FF16-4A0F-9F50-6F8F9C0EFA7F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"D3BCC6A9-1CAE-459D-BE7D-AAB956BD1B92"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5401-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"F459F871-7B1A-4140-9202-CDEA9BF2CFE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5401-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"6B1B9D0C-AB6C-43E1-BFCA-50EF231510FC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"49F5F019-919C-4912-B2B6-4D6A5624F774"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"7213FA12-5CD6-4E9B-8387-A52AEF17EA10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceg.5.5\\)c0","matchCriteriaId":"ECFF8291-4F5E-4E34-98C6-BC985DD98AFF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"F32FA3FB-CE89-4CC1-9D8D-765B90A122DF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"1659651E-11BA-4A5E-AC88-51B56FE951FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"ABFF2039-5DCC-4850-8BDA-3D418629C226"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"F416BF40-DB7A-4F78-A887-45E62E25B58D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"D629D4B6-B2F2-45F1-9295-71751570C231"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(achn.3.2\\)c0","matchCriteriaId":"4166B089-90E7-4B42-B968-6CB6336C5973"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE049DE-A5DA-4A4F-BA30-BBD09FF34DE0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"F35B4F0C-53E5-454F-B187-B9BDCDD7CABA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"BB5E8468-D12F-4CBE-AC7E-27D5A928A85A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"FD94B78C-9F9E-406C-A940-434B4DDE21E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"C3535B63-318C-4EB5-ADC8-0AF3FB443DFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ax7501-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abpc.7.2\\)c0","matchCriteriaId":"A402953C-88D0-4797-9B6C-D649E3CB4555"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ax7501-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"78473083-F702-4B81-AAA0-B66A0984FF6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abpc.7.2\\)c0","matchCriteriaId":"AA956C29-AA9E-433D-8613-D700B34C7C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"780BBA7D-7E2C-4624-AA15-8A51F3DF428F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmt.3.1\\)c0","matchCriteriaId":"CFCE007D-5E4D-42ED-9F38-6909C7976745"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B4171802-2480-4F21-A17A-49D8D0E3727A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe5301-01_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acoj.3.1\\)c0","matchCriteriaId":"30CBAF7B-4B7B-4764-9DDA-A4A2FC710B0C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe5301-01:-:*:*:*:*:*:*:*","matchCriteriaId":"8CFFB6F6-F8ED-4AFA-B1D7-4E9C5D1F7897"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5302-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(acnm.0.1\\)c0","matchCriteriaId":"B3888E31-CE3A-416E-B24A-E6AA160D3E4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5302-00:-:*:*:*:*:*:*:*","matchCriteriaId":"27CF1A98-893C-4586-A6EF-A205B2204645"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(ackb.0.7\\)c0","matchCriteriaId":"B23A6540-2FE2-4B4B-A86C-B3F16D32BA68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"7EBB4C27-DAEB-4297-98DC-3B22353B5184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we3300-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acka.2\\)c0","matchCriteriaId":"B3DF52F9-8AF0-49BB-8482-82562BE1AAC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we3300-00:-:*:*:*:*:*:*:*","matchCriteriaId":"532CBEBB-0D42-42F7-9916-7D8E360E0776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:wx3100-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvl.4.10\\)c0","matchCriteriaId":"906387F0-9AC2-4355-A7CE-08E13C76EEB5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:wx3100-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"C2C56248-D12F-46DC-A52F-0607E4A5DCCC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we4600-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.70\\(ackt.1\\)c0","matchCriteriaId":"DDA6A438-CDD1-41F0-9216-BC3C042D9CA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we4600-00:-:*:*:*:*:*:*:*","matchCriteriaId":"39E894F1-DA55-4E1A-90F6-002271E55B88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceb.6\\)c0","matchCriteriaId":"AB90CEA7-B554-49BF-9B23-C7B75AA5DAE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE"}]}]}],"references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-1460","sourceIdentifier":"security@zyxel.com.tw","published":"2026-04-28T03:16:02.313","lastModified":"2026-07-08T15:29:20.913","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A post-authentication command injection vulnerability in the “DomainName” parameter of the DHCP configuration file in Zyxel DX3301-T0 and EX3301-T0 firmware versions through 5.50(ABVY.7.1)C0 could allow an authenticated attacker with administrator privileges to execute OS commands on an affected device."}],"affected":[{"source":"security@zyxel.com.tw","affectedData":[{"vendor":"Zyxel","product":"DX3301-T0 firmware","defaultStatus":"unaffected","versions":[{"version":"<= 5.50(ABVY.7.1)C0","status":"affected"}]},{"vendor":"Zyxel","product":"EX3301-T0 firmware","defaultStatus":"unaffected","versions":[{"version":"<= 5.50(ABVY.7.1)C0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@zyxel.com.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T00:00:00+00:00","id":"CVE-2026-1460","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@zyxel.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa70_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.51\\(acrf.0\\)v0","matchCriteriaId":"ACA5EF54-F74E-49CC-B8C1-73ECCE348C40"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa70:-:*:*:*:*:*:*:*","matchCriteriaId":"5D6EB26F-F986-4051-A50F-46CB32096635"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa505_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acko.3\\)v0","matchCriteriaId":"830BF8ED-3CE2-476D-8529-CA55A8647CAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa505:-:*:*:*:*:*:*:*","matchCriteriaId":"5052039B-5273-4CDF-AFA5-609855801D24"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa510_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acgd.1\\)v0","matchCriteriaId":"CACF5A53-A5B5-40ED-90E1-EE95F7870BBD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa510:-:*:*:*:*:*:*:*","matchCriteriaId":"80B7099C-DAA5-4902-A62B-B680C9450575"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa515_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acpz.1\\)v0","matchCriteriaId":"54F76733-2D49-4888-9678-3E506FE8265E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa515:-:*:*:*:*:*:*:*","matchCriteriaId":"7C814005-F021-4AFC-8043-0B00EED3FBA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_fwa710_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.60\\(acgc.2\\)v0","matchCriteriaId":"C9934637-E668-45CF-8375-8A7C12E43646"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_fwa710:-:*:*:*:*:*:*:*","matchCriteriaId":"92221518-C7EA-46D7-8037-A580CEA01093"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_lte3301-plus_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.18\\(acca.7\\)v0","matchCriteriaId":"EEEDA6F0-765C-4121-AAF7-9CE42CDAA853"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_lte3301-plus:-:*:*:*:*:*:*:*","matchCriteriaId":"42297A6A-3E50-4E9E-ABF6-58C77F222DC1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_lte7461-m602_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.15\\(acev.4\\)v0","matchCriteriaId":"6AEE1A81-4D5C-42B2-B10B-BB1F9D106DF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_lte7461-m602:-:*:*:*:*:*:*:*","matchCriteriaId":"44AA94AF-24B0-4C91-A990-9418EA5A5DAC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_nr5101_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16\\(accg.1\\)v0","matchCriteriaId":"7D0775F7-602B-47A7-B07E-1BC4AB8BF29E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_nr5101:-:*:*:*:*:*:*:*","matchCriteriaId":"F9F605B8-A892-4119-AB7A-D14CDC5DFC88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nebula_nr7101_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.16\\(accc.2\\)v0","matchCriteriaId":"A7D775A9-9D21-435D-A7AC-8F3D849554E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nebula_nr7101:-:*:*:*:*:*:*:*","matchCriteriaId":"52096C1F-F73C-413E-9D37-82EFA4703AEC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"3D1FA8F1-2B41-41AA-82DD-97A8CE957A57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"6D3E176E-F728-4385-8533-4C694D43898A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"A30578C5-2232-4596-ADD3-3826D5AC7298"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"2456F691-C182-4BE6-A08F-5E1717366DCA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"4D323A56-1FC9-4B18-A73B-83369558039A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"3BBDC072-5D40-4130-9B5F-22FDA9BF909A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:dx5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"A1166223-0BC7-44A9-9941-D22EFFEE903D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:dx5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"AFE5C53C-4255-4AEE-A49E-36C1A2CF10F5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmu.3.1\\)c0","matchCriteriaId":"5C612237-6809-4820-97A2-D7A1E177971F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"6360F4D5-AFA7-4BE2-A3DE-8936453FF7ED"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee5301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acld.3.1\\)c0","matchCriteriaId":"78231491-3C65-47AD-9F59-1CDD5EF3A381"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee5301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B28CD570-8DF0-428D-9EF6-87B05DD019D7"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ee6510-10_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.19\\(acjq.4.2\\)c0","matchCriteriaId":"CB6321BA-7B09-4758-A55C-55EBD73ED6B6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ee6510-10:-:*:*:*:*:*:*:*","matchCriteriaId":"CD4AE46D-E374-4224-9A66-4291B6A10C00"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg3525-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"6D365F50-DE02-4861-AB54-67CEBC7E634C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg3525-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"9259E2F6-885D-4B44-8D40-20758DA599D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:emg5523-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"8C47A92E-1595-4A9F-A10E-F6195CD4CD46"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:emg5523-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"F3ECE0EB-C429-4716-ABFB-73540847EB9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex2210-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(acdi.2.5\\)c0","matchCriteriaId":"6B8CDF27-C9F7-4B6F-925F-28B20AF606EB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex2210-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"A71E4E6F-357E-4DAA-B7D7-7CF44000F0CF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C4E173F5-57FA-429E-8CAA-E47D6CA79436"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"137F8B94-4176-4D9B-8704-28525E7352D1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3300-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C41A2CEB-DD8A-4396-809A-F4C5259373B8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3300-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"F766221F-7478-4E39-B4CD-A2498ACEE754"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abvy.7.2\\)c0","matchCriteriaId":"C413302B-9472-4C39-A5A2-3C3F18D8A4DA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"B37B17D8-76CF-4A26-B2DB-41B1BC9FD0A2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3500-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"94FC0334-D656-419E-9F6F-CE1F0BB63880"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3500-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"8714EB1B-38E5-4295-AD26-EE13E2161DEA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3501-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(achr.6\\)c0","matchCriteriaId":"38BB03D3-A558-484C-AB85-707763F8853F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3501-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"A98F76BD-0404-46DD-AE6A-EB630FEC8904"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex3600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acif.3\\)c0","matchCriteriaId":"4E52AF49-FF16-4A0F-9F50-6F8F9C0EFA7F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex3600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"D3BCC6A9-1CAE-459D-BE7D-AAB956BD1B92"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5401-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abyo.7.2\\)c0","matchCriteriaId":"49F5F019-919C-4912-B2B6-4D6A5624F774"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5401-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"7213FA12-5CD6-4E9B-8387-A52AEF17EA10"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5512-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceg.5.5\\)c0","matchCriteriaId":"ECFF8291-4F5E-4E34-98C6-BC985DD98AFF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5512-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"F32FA3FB-CE89-4CC1-9D8D-765B90A122DF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"1659651E-11BA-4A5E-AC88-51B56FE951FC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"ABFF2039-5DCC-4850-8BDA-3D418629C226"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex5601-t1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acdz.6\\)c0","matchCriteriaId":"F416BF40-DB7A-4F78-A887-45E62E25B58D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex5601-t1:-:*:*:*:*:*:*:*","matchCriteriaId":"D629D4B6-B2F2-45F1-9295-71751570C231"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex7501-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(achn.3.2\\)c0","matchCriteriaId":"4166B089-90E7-4B42-B968-6CB6336C5973"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex7501-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE049DE-A5DA-4A4F-BA30-BBD09FF34DE0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ex7710-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(acak.1.7\\)c0","matchCriteriaId":"6EE63106-FEEE-4722-A4BE-12A1BD3E407C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ex7710-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"07727D9C-723B-4761-B6B6-07FE1784D3C1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:gm4100-b0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.18\\(accl.2.1\\)c0","matchCriteriaId":"8543CC65-F1EA-4D19-97E9-8EFC028E212D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:gm4100-b0:-:*:*:*:*:*:*:*","matchCriteriaId":"182AB7CA-DFD4-4C0A-958B-6794A39FFAEF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg3625-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"F35B4F0C-53E5-454F-B187-B9BDCDD7CABA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg3625-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"BB5E8468-D12F-4CBE-AC7E-27D5A928A85A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg4005-b50a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abqa.3.3\\)c0","matchCriteriaId":"E62FCD44-DBBD-4809-ADD8-C6596AB9C71D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg4005-b50a:-:*:*:*:*:*:*:*","matchCriteriaId":"88F74228-AC0C-4150-974D-54D77BBF9A90"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg4005-b60a_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abqa.3.3\\)c0","matchCriteriaId":"434F9EDF-91E2-4113-B358-A51E1B33D488"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg4005-b60a:-:*:*:*:*:*:*:*","matchCriteriaId":"30C1B91D-3EA0-4A1D-833A-6767A6C84DA3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:vmg8623-t50b_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.50\\(abpm.9.8\\)c0","matchCriteriaId":"FD94B78C-9F9E-406C-A940-434B4DDE21E6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:vmg8623-t50b:-:*:*:*:*:*:*:*","matchCriteriaId":"C3535B63-318C-4EB5-ADC8-0AF3FB443DFC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:am7510-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acor.0.2\\)c0","matchCriteriaId":"753A36DC-BC06-408D-90B3-00D7CE5261F3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:am7510-00:-:*:*:*:*:*:*:*","matchCriteriaId":"0B70256B-4916-4CBC-ADCB-6CB31E805564"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:ax7501-b1_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.17\\(abpc.7.2\\)c0","matchCriteriaId":"AA956C29-AA9E-433D-8613-D700B34C7C9C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:ax7501-b1:-:*:*:*:*:*:*:*","matchCriteriaId":"780BBA7D-7E2C-4624-AA15-8A51F3DF428F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe3301-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acmt.3.1\\)c0","matchCriteriaId":"CFCE007D-5E4D-42ED-9F38-6909C7976745"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe3301-00:-:*:*:*:*:*:*:*","matchCriteriaId":"B4171802-2480-4F21-A17A-49D8D0E3727A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:pe5301-01_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.63\\(acoj.3.1\\)c0","matchCriteriaId":"30CBAF7B-4B7B-4764-9DDA-A4A2FC710B0C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:pe5301-01:-:*:*:*:*:*:*:*","matchCriteriaId":"8CFFB6F6-F8ED-4AFA-B1D7-4E9C5D1F7897"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5301-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(ackb.0.7\\)c0","matchCriteriaId":"B23A6540-2FE2-4B4B-A86C-B3F16D32BA68"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5301-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"7EBB4C27-DAEB-4297-98DC-3B22353B5184"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:px5302-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.44\\(acnm.0.1\\)c0","matchCriteriaId":"B3888E31-CE3A-416E-B24A-E6AA160D3E4E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:px5302-00:-:*:*:*:*:*:*:*","matchCriteriaId":"27CF1A98-893C-4586-A6EF-A205B2204645"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we3300-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(acka.2\\)c0","matchCriteriaId":"B3DF52F9-8AF0-49BB-8482-82562BE1AAC5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we3300-00:-:*:*:*:*:*:*:*","matchCriteriaId":"532CBEBB-0D42-42F7-9916-7D8E360E0776"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:we4600-00_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"6.70\\(ackt.1\\)c0","matchCriteriaId":"DDA6A438-CDD1-41F0-9216-BC3C042D9CA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:we4600-00:-:*:*:*:*:*:*:*","matchCriteriaId":"39E894F1-DA55-4E1A-90F6-002271E55B88"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:wx5600-t0_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"5.70\\(aceb.6\\)c0","matchCriteriaId":"AB90CEA7-B554-49BF-9B23-C7B75AA5DAE3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:wx5600-t0:-:*:*:*:*:*:*:*","matchCriteriaId":"303DB62A-2A7E-4CB7-ADA0-29C23BFD41BE"}]}]}],"references":[{"url":"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerabilities-in-certain-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wireless-extenders-04-28-2026","source":"security@zyxel.com.tw","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40355","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T06:16:03.663","lastModified":"2026-07-08T12:48:28.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MIT","product":"Kerberos 5","defaultStatus":"unaffected","versions":[{"version":"1.18","lessThan":"1.22.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T12:53:15.785781Z","id":"CVE-2026-40355","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*","versionStartIncluding":"1.18.0","versionEndIncluding":"1.22.2","matchCriteriaId":"7A5665F4-71F4-4A71-A0A0-1E1F2BECA288"}]}]}],"references":[{"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Patch"]},{"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://web.mit.edu/kerberos/advisories/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory","Patch"]}]}},{"cve":{"id":"CVE-2026-40356","sourceIdentifier":"cve@mitre.org","published":"2026-04-28T07:16:03.197","lastModified":"2026-07-08T12:48:10.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"MIT","product":"Kerberos 5","defaultStatus":"unaffected","versions":[{"version":"1.18","lessThan":"1.22.3","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-28T13:10:05.740836Z","id":"CVE-2026-40356","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*","versionStartIncluding":"1.18.0","versionEndIncluding":"1.22.2","matchCriteriaId":"7A5665F4-71F4-4A71-A0A0-1E1F2BECA288"}]}]}],"references":[{"url":"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Patch"]},{"url":"https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://web.mit.edu/kerberos/advisories/","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42997","sourceIdentifier":"cve@mitre.org","published":"2026-05-05T19:16:22.817","lastModified":"2026-07-08T13:16:44.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token (which provides access to all OpenStack services Ironic is authorized for); or basic credentials configured for molds storage. The fixed versions are 26.1.6, 29.0.5, 32.0.1, and 35.0.1."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","versions":[{"version":"17.0.0","lessThan":"26.1.6","versionType":"semver","status":"affected"},{"version":"27.0.0","lessThan":"29.0.5","versionType":"semver","status":"affected"},{"version":"30.0.0","lessThan":"32.0.1","versionType":"semver","status":"affected"},{"version":"33.0.0","lessThan":"35.0.1","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"affected","cpes":["cpe:/a:redhat:openstack:18.0"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:16.2"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-05T18:38:38.789483Z","id":"CVE-2026-42997","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-669"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"17.0.0","versionEndExcluding":"26.1.6","matchCriteriaId":"175C310D-6E5A-49AE-94DA-7B0FCD5DA2E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"27.0.0","versionEndExcluding":"29.0.5","matchCriteriaId":"4F948886-9748-40E0-A3C2-2C95CCB2D498"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"30.0.0","versionEndExcluding":"32.0.1","matchCriteriaId":"23B410FC-0DC1-4BB8-98C2-6EB01DF839CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"33.0.0","versionEndExcluding":"35.0.1","matchCriteriaId":"40C73777-6AE0-4FAE-BBE6-C499CD51A3C0"}]}]}],"references":[{"url":"https://security.openstack.org/ossa/OSSA-2026-010.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.openwall.com/lists/oss-security/2026/05/05/10","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/05/05/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-42997","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466844","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42997.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43112","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T10:16:24.927","lastModified":"2026-07-08T13:16:44.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath\n\nWhen cifs_sanitize_prepath is called with an empty string or a string\ncontaining only delimiters (e.g., \"/\"), the current logic attempts to\ncheck *(cursor2 - 1) before cursor2 has advanced. This results in an\nout-of-bounds read.\n\nThis patch adds an early exit check after stripping prepended\ndelimiters. If no path content remains, the function returns NULL.\n\nThe bug was identified via manual audit and verified using a\nstandalone test case compiled with AddressSanitizer, which\ntriggered a SEGV on affected inputs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/client/fs_context.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c63433a09d6ae4c226fcbc66da4c58fc189fd746","lessThan":"a2ba20c17de8eb028f96b1d85f119d3d25655bd9","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"fbced33599653471b4581dfe1abc7b467031f126","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"5d4fe469fe7dbff7d874c196bb680a82f2625d95","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"86f9c23e0814cfdffda9eedf0c591c51ba209010","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3","versionType":"git","status":"affected"},{"version":"a31080899d5fdafcccf7f39dd214a814a2c82626","lessThan":"78ec5bf2f589ec7fd8f169394bfeca541b077317","versionType":"git","status":"affected"},{"version":"5.15.11","lessThan":"5.15.209","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/client/fs_context.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.136","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.83","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.24","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.14","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16.1","versionEndExcluding":"6.6.136","matchCriteriaId":"005FE1BE-809A-4536-BE37-C2437DE0927E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.83","matchCriteriaId":"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.24","matchCriteriaId":"8126B8B8-6D0B-4443-86C1-672AEE893555"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.14","matchCriteriaId":"D6A8A074-BBF4-4803-ABED-519A839435BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*","matchCriteriaId":"FF588A58-013F-4DBF-A3AB-70EC054B1892"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc6:*:*:*:*:*:*","matchCriteriaId":"8A0915FE-A4AA-4C94-B783-CF29D81E7E54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc7:*:*:*:*:*:*","matchCriteriaId":"4EAC2750-F7C6-4A4E-9C04-1E450722B853"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.16:rc8:*:*:*:*:*:*","matchCriteriaId":"ED611C74-E83A-4AFA-8688-9B829C02B038"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*","matchCriteriaId":"F666C8D8-6538-46D4-B318-87610DE64C34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*","matchCriteriaId":"02259FDA-961B-47BC-AE7F-93D7EC6E90C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*","matchCriteriaId":"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*","matchCriteriaId":"1D2315C0-D46F-4F85-9754-F9E5E11374A6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d29214448ec0f4e7e18bb1c14dd4a6c07f1c439","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/49b1ce6d7cfb6c5a49f68bf5ccfcfb6ba14e63c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d4fe469fe7dbff7d874c196bb680a82f2625d95","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78ec5bf2f589ec7fd8f169394bfeca541b077317","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86f9c23e0814cfdffda9eedf0c591c51ba209010","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a2ba20c17de8eb028f96b1d85f119d3d25655bd9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fbced33599653471b4581dfe1abc7b467031f126","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://access.redhat.com/errata/RHSA-2026:34911","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36365","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36366","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-43112","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467015","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43112.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-43198","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-06T12:16:38.857","lastModified":"2026-07-08T13:16:45.187","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix potential race in tcp_v6_syn_recv_sock()\n\nCode in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()\nis done too late.\n\nAfter tcp_v4_syn_recv_sock(), the child socket is already visible\nfrom TCP ehash table and other cpus might use it.\n\nSince newinet->pinet6 is still pointing to the listener ipv6_pinfo\nbad things can happen as syzbot found.\n\nMove the problematic code in tcp_v6_mapped_child_init()\nand call this new helper from tcp_v4_syn_recv_sock() before\nthe ehash insertion.\n\nThis allows the removal of one tcp_sync_mss(), since\ntcp_v4_syn_recv_sock() will call it with the correct\ncontext."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/inet_connection_sock.h","include/net/tcp.h","net/ipv4/syncookies.c","net/ipv4/tcp_fastopen.c","net/ipv4/tcp_ipv4.c","net/ipv4/tcp_minisocks.c","net/ipv6/tcp_ipv6.c","net/mptcp/subflow.c","net/smc/af_smc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"fe89b2f05b854847784f91127319172945c1fadd","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"7178e2a8027423b2af17ab95df73a749a5b72e5b","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"858d2a4f67ff69e645a43487ef7ea7f28f06deae","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/inet_connection_sock.h","include/net/tcp.h","net/ipv4/syncookies.c","net/ipv4/tcp_fastopen.c","net/ipv4/tcp_ipv4.c","net/ipv4/tcp_minisocks.c","net/ipv6/tcp_ipv6.c","net/mptcp/subflow.c","net/smc/af_smc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-821"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"6.18.16","matchCriteriaId":"0565F020-6741-42F7-A887-6FEBC0627804"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.6","matchCriteriaId":"373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F253B622-8837-4245-BCE5-A7BF8FC76A16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7178e2a8027423b2af17ab95df73a749a5b72e5b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/858d2a4f67ff69e645a43487ef7ea7f28f06deae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe89b2f05b854847784f91127319172945c1fadd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:30129","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33285","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34443","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35894","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35904","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36073","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36348","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36349","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-43198","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467228","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-43198.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-20035","sourceIdentifier":"psirt@cisco.com","published":"2026-05-06T17:16:20.280","lastModified":"2026-07-08T13:15:03.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device.\r\n\r\nThis vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"Cisco","product":"Cisco Unity Connection","defaultStatus":"unknown","versions":[{"version":"12.5(1)","status":"affected"},{"version":"12.5(1)SU1","status":"affected"},{"version":"12.5(1)SU2","status":"affected"},{"version":"12.5(1)SU3","status":"affected"},{"version":"12.5(1)SU4","status":"affected"},{"version":"14","status":"affected"},{"version":"12.5(1)SU5","status":"affected"},{"version":"14SU1","status":"affected"},{"version":"12.5(1)SU6","status":"affected"},{"version":"14SU2","status":"affected"},{"version":"12.5(1)SU7","status":"affected"},{"version":"14SU3","status":"affected"},{"version":"12.5(1)SU8","status":"affected"},{"version":"14SU3a","status":"affected"},{"version":"12.5(1)SU8a","status":"affected"},{"version":"15","status":"affected"},{"version":"15SU1","status":"affected"},{"version":"14SU4","status":"affected"},{"version":"12.5(1)SU9","status":"affected"},{"version":"15SU2","status":"affected"},{"version":"15SU3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-06T17:27:15.669186Z","id":"CVE-2026-20035","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","matchCriteriaId":"6313AB2B-8CBB-48FF-BCBF-B24DE98855EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14.0:*:*:*:*:*:*:*","matchCriteriaId":"A85D56C0-D4A3-43A7-9CD1-FCEB6C8AEF66"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su1:*:*:*:*:*:*:*","matchCriteriaId":"774C01A1-9328-45E8-9BDD-470A10BC3C2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su2:*:*:*:*:*:*:*","matchCriteriaId":"CD8AB4B5-12C2-4F02-A4C3-4B8C06AFFD53"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*","matchCriteriaId":"181866CE-6279-4422-8EF8-7A12DB5B21F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:14su4:*:*:*:*:*:*:*","matchCriteriaId":"D09F3655-B513-48F6-82A8-F0F946C52D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15.0:*:*:*:*:*:*:*","matchCriteriaId":"97CC6719-1A7F-48BA-8014-802E235ED80D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15su1:*:*:*:*:*:*:*","matchCriteriaId":"2C9412EC-282C-4926-83F8-932E24E0FC22"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15su2:*:*:*:*:*:*:*","matchCriteriaId":"37EFE547-7D3C-4D71-8D46-2C5734B9D64B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unity_connection:15su3:*:*:*:*:*:*:*","matchCriteriaId":"CE6AF25B-E6F9-4E15-902D-4516DFE8C8E2"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42010","sourceIdentifier":"secalert@redhat.com","published":"2026-05-07T12:16:17.977","lastModified":"2026-07-08T13:16:42.610","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"4.20.9.6.202607010620-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"4.21.9.6.202607011303-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"4.22.9.8.202606301732-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951051","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951012","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-07T13:47:12.364306Z","id":"CVE-2026-42010","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-170"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-626"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-170"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34790","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42010","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467289","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34790","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42010","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467289","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42010.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-1677","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-11T06:16:08.683","lastModified":"2026-07-08T13:36:24.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS (e.g. via `mbedtls_ssl_conf_min_tls_version`). The ClientHello advertises both versions and the peer can establish TLS 1.2, so applications that assumed `IPPROTO_TLS_1_3` enforces TLS 1.3 may silently use TLS 1.2 and remain exposed to TLS 1.2-specific weaknesses. As a workaround, the `TLS_CIPHERSUITE_LIST` socket option can be restricted to TLS 1.3-only cipher suites."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-11T16:31:12.694213Z","id":"CVE-2026-1677","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-757"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-23r2-m5wx-4rvq","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory","Mitigation"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-23r2-m5wx-4rvq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-1681","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-12T07:16:09.843","lastModified":"2026-07-08T13:34:13.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are processed inline before the current frame returns. The nested input-path frames exceed the work-queue stack and trigger a stack overflow."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T13:15:37.113227Z","id":"CVE-2026-1681","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-674"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-6fcc-8rwr-w7xx","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2025-53680","sourceIdentifier":"psirt@fortinet.com","published":"2026-05-12T18:16:35.687","lastModified":"2026-07-08T14:16:54.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of special elements used in an OS command (\"OS Command Injection\") vulnerability [CWE-78] vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-U 7.0.0 through 7.0.5, FortiAP-U 6.2 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2 7.2 all versions, FortiAP-W2 7.0 all versions allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiAP-U","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiap-u:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-u:6.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.0.0","lessThanOrEqual":"7.0.5","versionType":"semver","status":"affected"},{"version":"6.2.0","lessThanOrEqual":"6.2.6","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAP-W2","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiap-w2:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap-w2:7.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"7.4.0","lessThanOrEqual":"7.4.4","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.5","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiAP","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortiap:7.6.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.6.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.6.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:7.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.9:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortiap:6.4.3:*:*:*:*:*:*:*"],"versions":[{"version":"7.6.0","lessThanOrEqual":"7.6.2","versionType":"semver","status":"affected"},{"version":"7.4.0","lessThanOrEqual":"7.4.5","versionType":"semver","status":"affected"},{"version":"7.2.0","lessThanOrEqual":"7.2.6","versionType":"semver","status":"affected"},{"version":"7.0.0","lessThanOrEqual":"7.0.7","versionType":"semver","status":"affected"},{"version":"6.4.3","lessThanOrEqual":"6.4.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T00:00:00+00:00","id":"CVE-2025-53680","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.4.6","matchCriteriaId":"18EEF706-844E-42A4-A8A7-A76EDFD75CA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.3","matchCriteriaId":"4CC1B150-4BDE-473A-833E-C680933B585F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap-u:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.6","matchCriteriaId":"3A204363-7F30-46EB-AB10-9A40235EE24F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiap-w2:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.4.5","matchCriteriaId":"D0616584-0837-4800-9A3D-90D0F0F43278"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-131","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-26083","sourceIdentifier":"psirt@fortinet.com","published":"2026-05-12T18:16:39.817","lastModified":"2026-07-08T14:16:57.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all versions, FortiSandbox PaaS 22.1 all versions, FortiSandbox PaaS 21.4 all versions, FortiSandbox PaaS 21.3 all versions, FortiSandbox PaaS 5.0.0 through 5.0.1, FortiSandbox PaaS 4.4.5 through 4.4.8 may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests."}],"affected":[{"source":"psirt@fortinet.com","affectedData":[{"vendor":"Fortinet","product":"FortiSandbox","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandbox:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.5:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","lessThanOrEqual":"5.0.1","versionType":"semver","status":"affected"},{"version":"4.4.0","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"},{"version":"4.2.1","lessThanOrEqual":"4.2.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox PaaS","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4374:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.4.4350:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.3.4329:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:23.1.4245:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4151:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.2.4134:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:22.1.4113:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:21.4.4072:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:21.3.4055:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxpaas:4.4.5:*:*:*:*:*:*:*"],"versions":[{"version":"23.4.4374","status":"affected"},{"version":"23.4.4350","status":"affected"},{"version":"23.3.4329","status":"affected"},{"version":"23.1.4245","status":"affected"},{"version":"22.2.4151","status":"affected"},{"version":"22.2.4134","status":"affected"},{"version":"22.1.4113","status":"affected"},{"version":"21.4.4072","status":"affected"},{"version":"21.3.4055","status":"affected"},{"version":"5.0.0","lessThanOrEqual":"5.0.1","versionType":"semver","status":"affected"},{"version":"4.4.5","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"}]},{"vendor":"Fortinet","product":"FortiSandbox Cloud","defaultStatus":"unaffected","cpes":["cpe:2.3:a:fortinet:fortisandboxcloud:5.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.8:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.7:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.6:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortisandboxcloud:4.4.5:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","lessThanOrEqual":"5.0.1","versionType":"semver","status":"affected"},{"version":"4.4.5","lessThanOrEqual":"4.4.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-12T00:00:00+00:00","id":"CVE-2026-26083","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.4.9","matchCriteriaId":"0025C9C0-8D61-4563-96F9-F4E09DD83B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"42640C50-5490-4B50-840B-D35031671C42"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.2","versionEndExcluding":"5.0.6","matchCriteriaId":"BB973322-626C-4821-882A-125DD5177251"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:*:*:*:*:*:*:*:*","versionStartIncluding":"23.1.4245","versionEndIncluding":"23.4.4374","matchCriteriaId":"7100CD0B-358B-4610-BB84-6E378571176D"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_cloud:24.1.4436:*:*:*:*:*:*:*","matchCriteriaId":"529FB46C-C0E5-43F5-A753-DD9E928FD4E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.5","versionEndExcluding":"4.4.9","matchCriteriaId":"251F88A0-B42A-475B-80BA-1A6B53620EF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.2","matchCriteriaId":"704EB14E-435A-4AC6-9FBC-C8A926BA22F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*","versionStartIncluding":"21.3.4055","versionEndIncluding":"23.4.4374","matchCriteriaId":"594E2353-2D20-400E-B9EA-7A08A49104B3"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-26-136","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-42009","sourceIdentifier":"secalert@redhat.com","published":"2026-05-18T13:16:32.707","lastModified":"2026-07-08T13:16:42.117","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:3.8.10-4.el10_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:3.8.9-9.el10_0.19","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:3.3.29-9.el7_9.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"],"versions":[{"version":"0:3.6.16-8.el8_10.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:3.6.14-10.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream","cpe:/o:redhat:rhel_aus:8.4::baseos","cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"],"versions":[{"version":"0:4.13-3.el8_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:3.6.16-5.el8_6.5","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream","cpe:/o:redhat:rhel_aus:8.6::baseos","cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"],"versions":[{"version":"0:4.13-3.el8_6.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:3.6.16-7.el8_8.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libtasn1","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream","cpe:/o:redhat:rhel_e4s:8.8::baseos","cpe:/o:redhat:rhel_tus:8.8::baseos"],"versions":[{"version":"0:4.13-4.el8_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/o:redhat:enterprise_linux:9::baseos"],"versions":[{"version":"0:3.8.10-4.el9_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream","cpe:/o:redhat:rhel_e4s:9.4::baseos"],"versions":[{"version":"0:3.8.3-4.el9_4.6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/o:redhat:rhel_eus:9.6::baseos"],"versions":[{"version":"0:3.8.3-6.el9_6.4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.20::el9"],"versions":[{"version":"4.20.9.6.202607010620-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.21::el9"],"versions":[{"version":"4.21.9.6.202607011303-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4.22::el9"],"versions":[{"version":"4.22.9.8.202606230855-0","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/model-opt-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951051","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-cuda-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951012","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhaiis/vllm-rocm-rhel9","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"],"versions":[{"version":"1782951244","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-server-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782159791","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"discovery/discovery-ui-rhel9","cpes":["cpe:/a:redhat:discovery:2::el9"],"versions":[{"version":"1782166952","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"gnutls-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"3.8.13-1.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/cds-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525684","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/haproxy-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525671","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/installer-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525693","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"rhui5/rhua-rhel9","cpes":["cpe:/a:redhat:rhui:5::el9"],"versions":[{"version":"1781525739","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gnutls","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.20","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.20::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.21","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.21::el9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4.22","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4.22::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat AI Inference Server 3.2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ai_inference_server:3.2::el9"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","cpes":["cpe:/a:redhat:hummingbird:1"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-18T19:05:03.965288Z","id":"CVE-2026-42009","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-475"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-475"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:gnutls:-:*:*:*:*:*:*:*","matchCriteriaId":"33A22858-21E1-479F-A9C4-AD2EFD059B93"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:arm64:*","matchCriteriaId":"07670103-FC39-4797-AF5F-1604DA1E6BF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:x64:*","matchCriteriaId":"C22199FA-BF64-4181-86AE-C0F2DAABF9FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:8.10:*:*:*:*:*:arm64:*","matchCriteriaId":"376CC134-BC5D-4454-B9B5-5D929E24014A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:8.10:*:*:*:*:*:x64:*","matchCriteriaId":"75F13C81-5F6A-47FE-9CB0-44DE040B80F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"32AF225E-94C0-4D07-900C-DD868C05F554"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_els:8.10:*:*:*:*:*:*:*","matchCriteriaId":"33BA8164-7E51-4A33-9409-795AFA2B8572"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"23D471AC-7DCA-4425-AD91-E5D928753A8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_els:8.10:*:*:*:*:*:*:*","matchCriteriaId":"6C663446-AA2F-44FE-8520-E4F9460EA401"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:arm64:*","matchCriteriaId":"153FA4D1-CEA5-4D70-A452-22D492C2E419"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:x64:*","matchCriteriaId":"4E76AE2B-667E-4A9A-AC4B-CC8CFA9B159E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.8:*:*:*:*:*:arm64:*","matchCriteriaId":"FEDF9ADA-C9F7-4FB5-9180-DA7C45426231"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:9.8:*:*:*:*:*:arm64:*","matchCriteriaId":"EB5DCB28-C27E-45A1-8B2E-A129FE2CA419"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:9.8:*:*:*:*:*:x64:*","matchCriteriaId":"DF68EF0A-21CD-4914-B888-CFF8C7E7F4A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:9.8:*:*:*:*:*:arm64:*","matchCriteriaId":"5DE13BC8-C141-4E3A-9C45-5FB35F03E411"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:9.8:*:*:*:*:*:x64:*","matchCriteriaId":"A97CC58D-4A37-4B58-A718-BB9A5B5B1A19"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_els:9.8:*:*:*:*:*:*:*","matchCriteriaId":"19942CC8-3B44-416B-92FB-3AE705E57D34"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.8:*:*:*:*:*:*:*","matchCriteriaId":"AF3926BD-3724-4870-98F9-274FBC575EC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*","matchCriteriaId":"E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_els:9.8:*:*:*:*:*:*:*","matchCriteriaId":"5C5E1710-FD30-4A31-895F-FD91A5B55F4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.8:*:*:*:*:*:*:*","matchCriteriaId":"DDBCD07C-C8A3-488F-B000-DBBCAEE78811"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_update_services_for_sap_solutions:9.8:*:*:*:*:*:x64:*","matchCriteriaId":"1229A296-33D0-4C29-A50B-69BD84B32D99"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.8:*:*:*:*:*:*:*","matchCriteriaId":"C3A304C9-C1CB-40FE-9A8B-EC3AB507BDAD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:arm64:*","matchCriteriaId":"63D81CCC-AECF-436A-B019-B3149585F92C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:x64:*","matchCriteriaId":"472208E5-9850-47CD-8C7D-E1EBF7FDB2C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.2:*:*:*:*:*:arm64:*","matchCriteriaId":"4DBA7603-2980-42BE-981C-FAE97568B00B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.2:*:*:*:*:*:x64:*","matchCriteriaId":"D28BC9F4-ECC6-411B-B445-B247FACD9530"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:10.2:*:*:*:*:*:arm64:*","matchCriteriaId":"C78AA720-6EBB-4CA7-8831-22A7CBFE7A1C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_els:10.2:*:*:*:*:*:x64:*","matchCriteriaId":"1D055CB8-FA3A-4DB8-AB58-9B17F7EC552B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:10.2:*:*:*:*:*:arm64:*","matchCriteriaId":"ADFDF403-9B07-48CF-8BB2-11054879BCF8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_eus:10.2:*:*:*:*:*:x64:*","matchCriteriaId":"E7AB6D4F-D513-45F8-BC00-5F6C93D0002D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*","matchCriteriaId":"FB056B47-1F45-4CE4-81F6-872F66C24C29"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:10.2:*:*:*:*:*:*:*","matchCriteriaId":"157996FE-FC8B-4D4E-9538-E14BC0D8466F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_els:10.2:*:*:*:*:*:*:*","matchCriteriaId":"1B8AC302-55C1-44FB-B66C-C6D0D6F5DBFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:10.2:*:*:*:*:*:*:*","matchCriteriaId":"F7F02954-7CB7-46F9-BBF1-3FAD6736F712"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.0:*:*:*:*:*:*:*","matchCriteriaId":"06A3271F-112F-4FB7-A2F7-6401A365FCBA"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:10.2:*:*:*:*:*:*:*","matchCriteriaId":"D6F30042-532F-4A7C-897B-1084C0587957"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_els:10.2:*:*:*:*:*:*:*","matchCriteriaId":"9BB0DAF9-794A-4DAF-A4C6-3DDD8E42F48D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:10.2:*:*:*:*:*:*:*","matchCriteriaId":"DDDCBC52-F003-4776-8D21-B525CF8D8B8D"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29794","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42009","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467279","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:13274","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20611","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20612","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:20613","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26409","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29794","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30849","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:30850","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:32962","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33125","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34372","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34764","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34788","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36004","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36005","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36006","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-42009","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467279","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42009.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5072","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-22T08:16:15.027","lastModified":"2026-07-08T13:31:40.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to set an unvalidated negative log_announce_interval value in the port's data set. When a subsequent PTP_MSG_ANNOUNCE message is processed, port_timer_set_timeout_random computes a timeout as NSEC_PER_SEC >> -log_seconds; if the attacker-supplied value is sufficiently negative (e.g., -127), the shift amount exceeds the 64-bit integer width, triggering undefined behavior in C. This can cause a system crash via a compiler-generated illegal instruction trap on some architectures, or produce an erroneous zero timeout leading to resource starvation loops or other logical errors."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-22T16:27:18.853870Z","id":"CVE-2026-5072","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1335"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3v98-458v-388r","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40033","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-05-26T15:16:34.480","lastModified":"2026-07-08T13:16:41.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"3.26.0","versionType":"semver","status":"affected"},{"version":"3.26.0","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-05-26T00:00:00+00:00","id":"CVE-2026-40033","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/commit/d7508ebcd82842a691ae4941e5104d14240a89ae","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FreeRDP/FreeRDP/pull/12713","source":"disclosure@vulncheck.com"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"disclosure@vulncheck.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/freerdp-heap-buffer-overflow-in-gdi-cachetosurface-via-rectangle-validation-bypass","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-40033","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481473","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40033.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46181","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-28T10:16:33.743","lastModified":"2026-07-08T13:16:48.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()\n\nSashiko points out the radix_tree itself is RCU safe, but nothing ever\nfrees the mlx4_srq struct with RCU, and it isn't even accessed within the\nRCU critical section. It also will crash if an event is delivered before\nthe srq object is finished initializing.\n\nUse the spinlock since it isn't easy to make RCU work, use\nrefcount_inc_not_zero() to protect against partially initialized objects,\nand order the refcount_set() to be after the srq is fully initialized."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/mellanox/mlx4/srq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"30353bfc43a1602c020f31d95cf27182ffd23824","lessThan":"1e2a44875b6afb4add1115f7f3351dcbeb6f273d","versionType":"git","status":"affected"},{"version":"30353bfc43a1602c020f31d95cf27182ffd23824","lessThan":"8b7833f3bce35cb0d01c1503781523c099c675f0","versionType":"git","status":"affected"},{"version":"30353bfc43a1602c020f31d95cf27182ffd23824","lessThan":"c9341307ea16b9395c2e4c9c94d8499d91fe31d0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/mellanox/mlx4/srq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server Optional (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_aus:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.2::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.2::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-366"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"6.18.30","matchCriteriaId":"30E456CE-E137-4419-A5F0-4A21EECAC362"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e2a44875b6afb4add1115f7f3351dcbeb6f273d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b7833f3bce35cb0d01c1503781523c099c675f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9341307ea16b9395c2e4c9c94d8499d91fe31d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25120","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25121","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:33900","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34094","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34095","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34443","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35863","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35894","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35896","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36216","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46181","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482532","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46181.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44420","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.383","lastModified":"2026-07-08T13:16:45.760","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44420","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3r","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44420","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483480","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44420.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44421","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.513","lastModified":"2026-07-08T13:16:45.947","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large out-of-bounds heap write and may lead to client crashes or code execution. This bug is reachable from a malicious RDP server, but only when the client has RDPGFX enabled. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44421","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44421","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483471","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6r2-4hgm-m6ff","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44421.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-44422","sourceIdentifier":"security-advisories@github.com","published":"2026-05-29T20:16:24.660","lastModified":"2026-07-08T13:16:46.123","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor later walks each field independently and destroys/frees both pointers. This causes a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path. This vulnerability is fixed in 3.26.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FreeRDP","product":"FreeRDP","versions":[{"version":"< 3.26.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T00:00:00+00:00","id":"CVE-2026-44422","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"},{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*","versionEndExcluding":"3.26.0","matchCriteriaId":"186FAA8A-CF9D-40F3-8509-DAC168BFDA2F"}]}]}],"references":[{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j9q5-7g8m-jc9v","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36203","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-44422","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483467","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-j9q5-7g8m-jc9v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44422.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5071","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-05-30T08:16:16.370","lastModified":"2026-07-08T13:30:31.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socketcan_to_can_frame(). In production builds where assertions are disabled, a userspace application that controls the length passed to a sendto syscall can supply an incomplete or truncated frame, causing socketcan_to_can_frame() to dereference fields beyond the end of the buffer. This results in an out-of-bounds read that can cause denial-of-service crashes or, because the parsed frame contents are transmitted on the network, leak adjacent memory."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-01T13:51:23.839460Z","id":"CVE-2026-5071","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3w6-x7m3-3c58","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41283","sourceIdentifier":"cve@mitre.org","published":"2026-06-04T04:17:12.700","lastModified":"2026-07-08T13:16:41.930","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Mistral","defaultStatus":"unaffected","versions":[{"version":"20.0.0","lessThan":"20.1.1","versionType":"semver","status":"affected"},{"version":"21.0.0","versionType":"semver","status":"affected"},{"version":"22.0.0","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:16.2"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:09:33.475751Z","id":"CVE-2026-41283","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-749"}]}],"references":[{"url":"https://github.com/openstack/mistral/tags","source":"cve@mitre.org"},{"url":"https://security.openstack.org/ossa/OSSA-2026-020.html","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2026/06/03/14","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/03/14","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/security/cve/CVE-2026-41283","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484607","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41283.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-10840","sourceIdentifier":"secalert@redhat.com","published":"2026-06-04T12:16:24.813","lastModified":"2026-07-08T13:16:27.410","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.7.4","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openshift-builds/openshift-builds-rhel9-operator","cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"],"versions":[{"version":"1783341609","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-proxy-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-proxy-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-webhook-rhel8","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-operator-webhook-rhel9","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-rhel8-operator","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines/pipelines-rhel9-operator","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Builds 1.7.4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_builds:1.7::el9"]},{"vendor":"Red Hat","product":"OpenShift Pipelines","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-04T13:11:57.092142Z","id":"CVE-2026-10840","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36648","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-10840","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484720","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36648","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-10840","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484720","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-10840.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-5589","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-04T20:16:58.540","lastModified":"2026-07-08T13:28:55.243","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an attacker-controlled length byte (reported_len) and computes reported_len - 3 without checking that reported_len >= 3. When reported_len is less than 3, the subtraction is performed in signed int arithmetic and yields a negative value that bypasses the length guard and is then implicitly converted to a very large size_t when passed to net_buf_simple_pull_mem(). In builds without assertions, this wraps the buffer length and advances the data pointer far out of bounds, so subsequent reads dereference invalid memory. A nearby BLE device can trigger this with a non-connectable advertisement carrying a UUID16 AD structure and a crafted length byte, with no pairing or prior association required, potentially leading to denial of service or arbitrary code execution."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T18:27:34.569513Z","id":"CVE-2026-5589","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-4pm9-4v7f-x6gr","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5066","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-04T21:16:30.907","lastModified":"2026-07-08T13:27:57.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() and tls_session_restore() memcpy the caller-supplied address into a fixed-size buffer using the caller-controlled addrlen value without validating it against the destination size. struct net_sockaddr is an opaque type, so an application can pass an addrlen larger than sizeof(struct net_sockaddr) (for example 128 bytes into a 24-byte stack buffer), causing the memcpy to read and write past the end of the address memory used by the TLS session cache. This out-of-bounds write can lead to a crash and denial of service, and potentially to arbitrary code execution."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"*","lessThanOrEqual":"4.3","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-05T18:26:28.322491Z","id":"CVE-2026-5066","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"7D912614-A39E-4C9B-AA54-187BC26337B9"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgrc-jrf6-24f3","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgrc-jrf6-24f3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50589","sourceIdentifier":"cve@mitre.org","published":"2026-06-05T00:17:09.213","lastModified":"2026-07-08T13:16:53.243","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"OpenStack","product":"Ironic","defaultStatus":"unaffected","repo":"https://opendev.org/openstack/ironic","versions":[{"version":"32.0.0","lessThan":"37.0.0","versionType":"semver","status":"unknown"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 16.2","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:16.2"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 17.1","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:17.1"]},{"vendor":"Red Hat","product":"Red Hat OpenStack Platform 18.0","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openstack:18.0"]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T15:08:27.511506Z","id":"CVE-2026-50589","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:ironic:*:*:*:*:*:*:*:*","versionStartIncluding":"32.0.0","versionEndExcluding":"37.0.0","matchCriteriaId":"481D4CB3-6333-4EEB-A4E0-BCF17129F83A"}]}]}],"references":[{"url":"https://bugs.launchpad.net/ironic/+bug/2154288","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation"]},{"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0099","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/06/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-50589","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugs.launchpad.net/ironic/+bug/2154288","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Mitigation"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485353","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-50589.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-50262","sourceIdentifier":"secalert@redhat.com","published":"2026-06-05T12:16:39.770","lastModified":"2026-07-08T20:16:51.127","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:24.1.9-4.el10_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:24.1.5-6.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:1.20.4-35.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:21.1.3-20.el8_10.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::crb"],"versions":[{"version":"0:1.20.11-28.el8_10.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.15.0-10.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"versions":[{"version":"0:1.20.10-5.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"versions":[{"version":"0:1.20.10-5.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"],"versions":[{"version":"0:1.20.11-8.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"],"versions":[{"version":"0:1.20.11-8.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream"],"versions":[{"version":"0:1.20.11-19.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream"],"versions":[{"version":"0:1.20.11-19.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:24.1.9-4.el9_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:1.20.11-34.el9_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.15.0-7.el9_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"versions":[{"version":"0:1.20.11-21.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"versions":[{"version":"0:21.1.3-10.el9_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"versions":[{"version":"0:1.20.11-29.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"versions":[{"version":"0:22.1.9-8.el9_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/a:redhat:rhel_eus:9.6::crb"],"versions":[{"version":"0:1.20.11-34.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/a:redhat:rhel_eus:9.6::crb"],"versions":[{"version":"0:23.2.7-6.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:37:02.899907Z","id":"CVE-2026-50262","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.23","matchCriteriaId":"2F16F762-98D6-437F-8771-0F6C70AF65FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"24.1.12","matchCriteriaId":"ED4EB1F5-9BBA-4751-9BC6-1639C7E02E0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:26562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26566","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26610","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26709","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28923","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29844","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36083","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36085","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36086","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36087","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36632","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36633","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36768","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36791","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36792","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36798","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-50262","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485387","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/6d459e4daf715bea8abdafa8fb130be2f8a1d145","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://lists.x.org/archives/xorg-announce/2026-June/003702.html","source":"secalert@redhat.com","tags":["Mailing List","Vendor Advisory"]},{"url":"https://redhat.atlassian.net/browse/PSIRTSUPT-16950","source":"secalert@redhat.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2026-50263","sourceIdentifier":"secalert@redhat.com","published":"2026-06-05T12:16:39.927","lastModified":"2026-07-08T20:16:51.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:24.1.9-4.el10_2.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10.0 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"versions":[{"version":"0:24.1.5-6.el10_0.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7 Extended Lifecycle Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:rhel_els:7"],"versions":[{"version":"0:1.20.4-35.el7_9","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:21.1.3-20.el8_10.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/a:redhat:enterprise_linux:8::crb"],"versions":[{"version":"0:1.20.11-28.el8_10.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"versions":[{"version":"0:1.15.0-10.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"versions":[{"version":"0:1.20.10-5.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream","cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"versions":[{"version":"0:1.20.10-5.el8_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"],"versions":[{"version":"0:1.20.11-8.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream","cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"],"versions":[{"version":"0:1.20.11-8.el8_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Telecommunications Update Service","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream"],"versions":[{"version":"0:1.20.11-19.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream","cpe:/a:redhat:rhel_tus:8.8::appstream"],"versions":[{"version":"0:1.20.11-19.el8_8","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:24.1.9-4.el9_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream","cpe:/a:redhat:enterprise_linux:9::crb"],"versions":[{"version":"0:1.20.11-34.el9_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.15.0-7.el9_8.2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"versions":[{"version":"0:1.20.11-21.el9_2","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"versions":[{"version":"0:21.1.3-10.el9_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"versions":[{"version":"0:1.20.11-29.el9_4","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"],"versions":[{"version":"0:22.1.9-8.el9_4.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/a:redhat:rhel_eus:9.6::crb"],"versions":[{"version":"0:1.20.11-34.el9_6","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.6 Extended Update Support","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server-Xwayland","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream","cpe:/a:redhat:rhel_eus:9.6::crb"],"versions":[{"version":"0:23.2.7-6.el9_6.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"xorg-x11-server","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"tigervnc","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-08T16:01:18.730750Z","id":"CVE-2026-50263","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:x_server:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.23","matchCriteriaId":"2F16F762-98D6-437F-8771-0F6C70AF65FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:xwayland:*:*:*:*:*:*:*:*","versionEndExcluding":"24.1.12","matchCriteriaId":"ED4EB1F5-9BBA-4751-9BC6-1639C7E02E0C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:26562","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26566","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26590","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26610","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:26709","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:28923","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:29844","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36083","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36085","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36086","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36087","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36632","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36633","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36634","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36768","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36791","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36792","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36798","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-50263","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485388","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gitlab.freedesktop.org/xorg/xserver/-/commit/ecc634f1b2f7aa473d3a267eada98c4918bf9e05","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://lists.x.org/archives/xorg-announce/2026-June/003702.html","source":"secalert@redhat.com","tags":["Mailing List","Vendor Advisory"]},{"url":"https://redhat.atlassian.net/browse/PSIRTSUPT-16950","source":"secalert@redhat.com","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2025-71315","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T16:16:33.500","lastModified":"2026-07-08T14:42:50.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vkms: Convert to DRM's vblank timer\n\nReplace vkms' vblank timer with the DRM implementation. The DRM\ncode is identical in concept, but differs in implementation.\n\nVblank timers are covered in vblank helpers and initializer macros,\nso remove the corresponding hrtimer in struct vkms_output. The\nvblank timer calls vkms' custom timeout code via handle_vblank_timeout\nin struct drm_crtc_helper_funcs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/vkms/vkms_crtc.c","drivers/gpu/drm/vkms/vkms_drv.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3a0709928b172a4123a76078f70e0a706265690c","lessThan":"a0582cc923985c6b72fe871b5f7aa7c682bfc230","versionType":"git","status":"affected"},{"version":"3a0709928b172a4123a76078f70e0a706265690c","lessThan":"02e2681ffe1addde1fc8c35d05657b16bfa79613","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/vkms/vkms_crtc.c","drivers/gpu/drm/vkms/vkms_drv.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.19","status":"affected"},{"version":"0","lessThan":"4.19","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19","versionEndExcluding":"6.18.34","matchCriteriaId":"BDE475CD-6157-49FF-8571-10BDC3180DF3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02e2681ffe1addde1fc8c35d05657b16bfa79613","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0582cc923985c6b72fe871b5f7aa7c682bfc230","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46274","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T16:16:40.707","lastModified":"2026-07-08T14:46:03.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check that the predecessor is hashed in io_wq_remove_pending()\n\nio_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled\nwork was the tail of its hash bucket. When doing this, it checks whether\nthe preceding entry in acct->work_list has the same hash value, but\nnever checks that the predecessor is hashed at all. io_get_work_hash()\nis simply atomic_read(&work->flags) >> IO_WQ_HASH_SHIFT, and the hash\nbits are never set for non-hashed work, so it returns 0. Thus, when a\nhashed bucket-0 work is cancelled while a non-hashed work is its list\npredecessor, the check spuriously passes and a pointer to the non-hashed\nio_kiocb is stored in wq->hash_tail[0].\n\nBecause non-hashed work is dequeued via the fast path in\nio_get_next_work(), which never touches hash_tail[], the stale pointer\nis never cleared. Therefore, after the non-hashed io_kiocb completes and\nis freed back to req_cachep, wq->hash_tail[0] is a dangling pointer. The\nio_wq is per-task (tctx->io_wq) and survives ring open/close, so the\ndangling pointer persists for the lifetime of the task; the next hashed\nbucket-0 enqueue dereferences it in io_wq_insert_work() and\nwq_list_add_after() writes through freed memory.\n\nAdd the missing io_wq_is_hashed() check so a non-hashed predecessor\nnever inherits a hash_tail[] slot."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["io_uring/io-wq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"d6bda9df0c0a3080804181464d5c0f4d78a4e769","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"5a20ebf0c81b61f5ea3b1b529c100cad69b9f603","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"252c5051dba9c709b6a72f2866f93e5e618b3f06","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"d376c131af7c7739a87ff037ed2fdb67c2542c8a","versionType":"git","status":"affected"},{"version":"204361a77f4018627addd4a06877448f088ddfc0","lessThan":"d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc","versionType":"git","status":"affected"},{"version":"13f35a2c0fd5c6a4fcd8903542b053bcc914fcf5","versionType":"git","status":"affected"},{"version":"5.8.6","lessThan":"5.9","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["io_uring/io-wq.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.9","status":"affected"},{"version":"0","lessThan":"5.9","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.6","versionEndExcluding":"5.9","matchCriteriaId":"D1A2FB6C-A45E-4E1B-8FE3-D0CDD7BE36C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.1","versionEndExcluding":"6.6.141","matchCriteriaId":"971F5EF2-3F57-4AF7-8366-2D4437ABE0FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:-:*:*:*:*:*:*","matchCriteriaId":"F79A2EB6-623E-4749-AEE0-DCB58C4C42F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc3:*:*:*:*:*:*","matchCriteriaId":"A52A4ABE-5C24-4CD4-A348-E303B7F23C71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc4:*:*:*:*:*:*","matchCriteriaId":"12019CF2-FD8E-4D59-BA4C-7093DF0BB091"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc5:*:*:*:*:*:*","matchCriteriaId":"9B1AB90E-C0C6-4027-B27D-BA214BE33561"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc6:*:*:*:*:*:*","matchCriteriaId":"103FE5BA-7315-4263-9C95-EABEAD7E174F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc7:*:*:*:*:*:*","matchCriteriaId":"47E31D6A-31EC-4F63-9CAE-B7A52B58E149"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.9:rc8:*:*:*:*:*:*","matchCriteriaId":"3497462B-A3DA-47CC-A5DD-C1C2D2E6DFDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/252c5051dba9c709b6a72f2866f93e5e618b3f06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5a20ebf0c81b61f5ea3b1b529c100cad69b9f603","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d376c131af7c7739a87ff037ed2fdb67c2542c8a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6bda9df0c0a3080804181464d5c0f4d78a4e769","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46275","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T16:16:40.863","lastModified":"2026-07-08T14:46:18.613","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: fix UAFs and race conditions in close and init paths\n\nVulnerabilities leading to Use-After-Free (UAF) and Null Pointer\nDereference (NPD) conditions were observed in the lifecycle management\nof hci_uart.\n\nThe primary issue arises because the workqueues (init_ready and\nwrite_work) are only flushed/cancelled if the HCI_UART_PROTO_READY\nflag is set during TTY close. If a hangup occurs before setup completes,\nhci_uart_tty_close() skips the teardown of these workqueues and\nproceeds to free the `hu` struct. When the scheduled work executes\nlater, it blindly dereferences the freed `hu` struct.\n\nFurthermore, several data races and UAFs were identified in the teardown\nsequence:\n1. Calling hci_uart_flush() from hci_uart_close() without effectively\n   disabling write_work causes a race condition where both can concurrently\n   double-free hu->tx_skb. This happens because protocol timers can\n   concurrently invoke hci_uart_tx_wakeup() and requeue write_work.\n2. Calling hci_free_dev(hdev) before hu->proto->close(hu) causes a UAF\n   when vendor specific protocol close callbacks dereference hu->hdev.\n3. In the initialization error paths, failing to take the proto_lock\n   write lock before clearing PROTO_READY leads to races with active\n   readers. Additionally, hci_uart_tty_receive() accesses hu->hdev\n   outside the read lock, leading to UAFs if the initialization error\n   path frees hdev concurrently.\n\nFix these synchronization and lifecycle issues by:\n1. Re-ordering hci_uart_tty_close() to clear HCI_UART_PROTO_READY first,\n   followed immediately by a cancel_work_sync(&hu->write_work). Clearing\n   the flag locks out concurrent protocol timers from successfully invoking\n   hci_uart_tx_wakeup(), effectively rendering the cancellation permanent\n   and preventing the tx_skb double-free.\n2. Note: Clearing PROTO_READY early causes hci_uart_close() to skip\n   hu->proto->flush(). This is perfectly safe in the tty_close path\n   because hu->proto->close() executes shortly after, which intrinsically\n   purges all protocol SKB queues and tears down the state.\n3. Relocating hu->proto->close(hu) strictly prior to hci_free_dev(hdev)\n   across all close and error paths to prevent vendor-level UAFs.\n4. Moving the hdev->stat.byte_rx increment in hci_uart_tty_receive()\n   inside the proto_lock read-side critical section to safely synchronize\n   with device unregistration.\n5. Adding cancel_work_sync(&hu->write_work) to hci_uart_close() to safely\n   flush the workqueue before hci_uart_flush() is invoked via the HCI core.\n6. Utilizing cancel_work_sync() instead of disable_work_sync() across\n   all paths to prevent permanently breaking user-space retry capabilities."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/bluetooth/hci_ldisc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"78aad93e938f013d9272fe0ee168f27883afa95c","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"e2d19969c8d9198ecc3090bcd5312ecd503a3339","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"c85cff648a2bc92322912db5f1727ad05afae7b6","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"9d20d48be2c4a071fb015eb09bda2cecd25daf34","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"81c7a3c22a0f2808cf4ae0b4908f59763b23606d","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"192cb0f1ca706d9a1bc36ae0ad5f666d1e4fd894","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"7338031946bd06f6dff149e67b60c4cd083bfea8","versionType":"git","status":"affected"},{"version":"3b799254cf6f481460719023d7a18f46651e5e7f","lessThan":"c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b","versionType":"git","status":"affected"},{"version":"cd27019bc149f20f12ebec943c2b4c775745a5a0","versionType":"git","status":"affected"},{"version":"aea63181b6fcb6b9ccde1ada9ea51be19c4015af","versionType":"git","status":"affected"},{"version":"0d234d1135dcd8876de0576dac68efd0a87eef87","versionType":"git","status":"affected"},{"version":"3fe978892ab46efc2f3830d9abc015eff72caaf9","versionType":"git","status":"affected"},{"version":"0d987e14bebaf0f67ee7dbefaf6165c62cd1d27f","versionType":"git","status":"affected"},{"version":"4.14.203","lessThan":"4.15","versionType":"semver","status":"affected"},{"version":"4.19.153","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.73","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.8.17","lessThan":"5.9","versionType":"semver","status":"affected"},{"version":"5.9.2","lessThan":"5.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/bluetooth/hci_ldisc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.203","versionEndExcluding":"4.15","matchCriteriaId":"27A7D190-0093-49D0-BC13-C06D04205CB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.153","versionEndExcluding":"4.20","matchCriteriaId":"F9F8E966-D84B-4A94-8A67-E1B47A05557F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.73","versionEndExcluding":"5.5","matchCriteriaId":"886AB560-B760-44F0-AD89-3F275E4C0F58"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8.17","versionEndExcluding":"5.9","matchCriteriaId":"BEFC3ACE-365D-48E7-9C0A-019C74CC0725"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9.2","versionEndExcluding":"5.10.258","matchCriteriaId":"38EA52EA-57DE-4180-953C-1512932A936A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/192cb0f1ca706d9a1bc36ae0ad5f666d1e4fd894","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7338031946bd06f6dff149e67b60c4cd083bfea8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78aad93e938f013d9272fe0ee168f27883afa95c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81c7a3c22a0f2808cf4ae0b4908f59763b23606d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9d20d48be2c4a071fb015eb09bda2cecd25daf34","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c85cff648a2bc92322912db5f1727ad05afae7b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2d19969c8d9198ecc3090bcd5312ecd503a3339","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46276","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.103","lastModified":"2026-07-08T14:55:24.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix zero-size GDS range init on RDNA4\n\nRDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory\nresources. The gfx_v12_0 initialisation code correctly leaves\nadev->gds.gds_size, adev->gds.gws_size, and adev->gds.oa_size at\nzero to reflect this.\n\namdgpu_ttm_init() unconditionally calls amdgpu_ttm_init_on_chip() for\neach of these resources regardless of size. When the size is zero,\namdgpu_ttm_init_on_chip() forwards the call to ttm_range_man_init(),\nwhich calls drm_mm_init(mm, 0, 0). drm_mm_init() immediately fires\nDRM_MM_BUG_ON(start + size <= start) -- trivially true when size is\nzero -- crashing the kernel during modprobe of amdgpu on an RX 9070 XT.\n\nGuard against this by returning 0 early from\namdgpu_ttm_init_on_chip() when size_in_page is zero. This skips TTM\nresource manager registration for hardware resources that are absent,\nwithout affecting any other GPU type.\n\nDRM_MM_BUG_ON() only asserts if CONFIG_DRM_DEBUG_MM is enabled in\nthe kernel config.  This is apparently rarely enabled as these chips\nhave been in the market for over a year and this issue was only reported\nnow.\n\nOops-Analysis: http://oops.fenrus.org/reports/bugzilla.korg/221376/report.html\n(cherry picked from commit 5719ce5865279cad4fd5f01011fe037168503f2d)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"1f5d33e7b0a9a2a140f46e22fb52eede323c5946","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"9bc925759c05feae7dfa9570e77131d54729c8ea","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"36f9602fb22ede69fcc8b422be0cf8105bf655ad","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"be0376affcafa0bbb371bb501579a825eae32281","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"0e21db1a77967bc15df662efdca8ea8a61d124ea","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"30c000a49094ec568c9b51b7421f7a4a3f0b0298","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"3e26c76891ab99fa173e9c501119fbb5c9f4600f","versionType":"git","status":"affected"},{"version":"c832c346cdf9022872655be621880e0f66f4135d","lessThan":"095a8b0ad3c3b5cdc3850d961adb8a8f735220bb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.258","matchCriteriaId":"719A9C48-4A93-46A1-8B53-2D668FEF05E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/095a8b0ad3c3b5cdc3850d961adb8a8f735220bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0e21db1a77967bc15df662efdca8ea8a61d124ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f5d33e7b0a9a2a140f46e22fb52eede323c5946","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30c000a49094ec568c9b51b7421f7a4a3f0b0298","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36f9602fb22ede69fcc8b422be0cf8105bf655ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e26c76891ab99fa173e9c501119fbb5c9f4600f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bc925759c05feae7dfa9570e77131d54729c8ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be0376affcafa0bbb371bb501579a825eae32281","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46277","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.277","lastModified":"2026-07-08T14:58:31.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/zone_device: do not touch device folio after calling ->folio_free()\n\nThe contents of a device folio can immediately change after calling\n->folio_free(), as the folio may be reallocated by a driver with a\ndifferent order.  Instead of touching the folio again to extract the\npgmap, use the local stack variable when calling percpu_ref_put_many()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/memremap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d245f9b4ab806733a77e51a218ca7b8bc3135cd9","lessThan":"85be0a262e39c706edb53c88af8afde2e98222ba","versionType":"git","status":"affected"},{"version":"d245f9b4ab806733a77e51a218ca7b8bc3135cd9","lessThan":"39928984956037cabd304321cb8f342e47421db5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/memremap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/39928984956037cabd304321cb8f342e47421db5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85be0a262e39c706edb53c88af8afde2e98222ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46278","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.390","lastModified":"2026-07-08T14:59:16.410","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imagination: Fix segfault when updating ftrace mask\n\nFix invalid data access by passing right data for debugfs entry.\n\n[  171.549793] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[  171.559248] Mem abort info:\n[  171.562173]   ESR = 0x0000000096000044\n[  171.566227]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  171.573108]   SET = 0, FnV = 0\n[  171.576448]   EA = 0, S1PTW = 0\n[  171.579745]   FSC = 0x04: level 0 translation fault\n[  171.584760] Data abort info:\n[  171.588012]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000\n[  171.593734]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[  171.598962]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  171.604471] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000083837000\n[  171.611358] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n[  171.618500] Internal error: Oops: 0000000096000044 [#1]  SMP\n[  171.624222] Modules linked in: powervr drm_shmem_helper drm_gpuvm...\n[  171.656580] CPU: 0 UID: 0 PID: 549 Comm: bash Not tainted 7.0.0-rc2-g730b257ba723-dirty #13 PREEMPT\n[  171.665773] Hardware name: BeagleBoard.org BeaglePlay (DT)\n[  171.671296] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  171.678306] pc : pvr_fw_trace_mask_set+0x78/0x154 [powervr]\n[  171.683959] lr : pvr_fw_trace_mask_set+0x4c/0x154 [powervr]\n[  171.689593] sp : ffff8000835ebb90\n[  171.692929] x29: ffff8000835ebc00 x28: ffff000005c60f80 x27: 0000000000000000\n[  171.700130] x26: 0000000000000000 x25: ffff00000504af28 x24: 0000000000000000\n[  171.707324] x23: ffff00000504af50 x22: 0000000000000203 x21: 0000000000000000\n[  171.714518] x20: ffff000005c44a80 x19: ffff000005c457b8 x18: 0000000000000000\n[  171.721715] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaae8887580\n[  171.728908] x14: 0000000000000000 x13: 0000000000000000 x12: ffff8000835ebc30\n[  171.736095] x11: ffff00000504af2a x10: ffff00008504af29 x9 : 0fffffffffffffff\n[  171.743286] x8 : ffff8000835ebbf8 x7 : 0000000000000000 x6 : 000000000000002a\n[  171.750479] x5 : ffff00000504af2e x4 : 0000000000000000 x3 : 0000000000000010\n[  171.757674] x2 : 0000000000000203 x1 : 0000000000000000 x0 : ffff8000835ebba0\n[  171.764871] Call trace:\n[  171.767342]  pvr_fw_trace_mask_set+0x78/0x154 [powervr] (P)\n[  171.772984]  simple_attr_write_xsigned.isra.0+0xe0/0x19c\n[  171.778341]  simple_attr_write+0x18/0x24\n[  171.782296]  debugfs_attr_write+0x50/0x98\n[  171.786341]  full_proxy_write+0x6c/0xa8\n[  171.790208]  vfs_write+0xd4/0x350\n[  171.793561]  ksys_write+0x70/0x108\n[  171.796995]  __arm64_sys_write+0x1c/0x28\n[  171.800952]  invoke_syscall+0x48/0x10c\n[  171.804740]  el0_svc_common.constprop.0+0x40/0xe0\n[  171.809487]  do_el0_svc+0x1c/0x28\n[  171.812834]  el0_svc+0x34/0x108\n[  171.816013]  el0t_64_sync_handler+0xa0/0xe4\n[  171.820237]  el0t_64_sync+0x198/0x19c\n[  171.823939] Code: 32000262 b90ac293 1a931056 9134e293 (b9000036)\n[  171.830073] ---[ end trace 0000000000000000 ]---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/imagination/pvr_fw_trace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a331631496a0af9a6f4e7e1860983afd8b1bb013","lessThan":"ba422758981b61585c7da6429f50ef1c58d326f7","versionType":"git","status":"affected"},{"version":"a331631496a0af9a6f4e7e1860983afd8b1bb013","lessThan":"5dfd429591f8d7185bf63a08b5c30863fb605611","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/imagination/pvr_fw_trace.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.4","matchCriteriaId":"37C6A06A-578A-467F-8EE4-E50B9A46C871"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5dfd429591f8d7185bf63a08b5c30863fb605611","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ba422758981b61585c7da6429f50ef1c58d326f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46279","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.530","lastModified":"2026-07-08T14:59:41.053","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/alloc_tag: clear codetag for pages allocated before page_ext initialization\n\nDue to initialization ordering, page_ext is allocated and initialized\nrelatively late during boot.  Some pages have already been allocated and\nfreed before page_ext becomes available, leaving their codetag\nuninitialized.\n\nA clear example is in init_section_page_ext(): alloc_page_ext() calls\nkmemleak_alloc().  If the slab cache has no free objects, it falls back to\nthe buddy allocator to allocate memory.  However, at this point page_ext\nis not yet fully initialized, so these newly allocated pages have no\ncodetag set.  These pages may later be reclaimed by KASAN, which causes\nthe warning to trigger when they are freed because their codetag ref is\nstill empty.\n\nUse a global array to track pages allocated before page_ext is fully\ninitialized.  The array size is fixed at 8192 entries, and will emit a\nwarning if this limit is exceeded.  When page_ext initialization\ncompletes, set their codetag to empty to avoid warnings when they are\nfreed later.\n\nThis warning is only observed with CONFIG_MEM_ALLOC_PROFILING_DEBUG=Y and\nmem_profiling_compressed disabled:\n\n[    9.582133] ------------[ cut here ]------------\n[    9.582137] alloc_tag was not set\n[    9.582139] WARNING: ./include/linux/alloc_tag.h:164 at __pgalloc_tag_sub+0x40f/0x550, CPU#5: systemd/1\n[    9.582190] CPU: 5 UID: 0 PID: 1 Comm: systemd Not tainted 7.0.0-rc4 #1 PREEMPT(lazy)\n[    9.582192] Hardware name: Red Hat KVM, BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[    9.582194] RIP: 0010:__pgalloc_tag_sub+0x40f/0x550\n[    9.582196] Code: 00 00 4c 29 e5 48 8b 05 1f 88 56 05 48 8d 4c ad 00 48 8d 2c c8 e9 87 fd ff ff 0f 0b 0f 0b e9 f3 fe ff ff 48 8d 3d 61 2f ed 03 <67> 48 0f b9 3a e9 b3 fd ff ff 0f 0b eb e4 e8 5e cd 14 02 4c 89 c7\n[    9.582197] RSP: 0018:ffffc9000001f940 EFLAGS: 00010246\n[    9.582200] RAX: dffffc0000000000 RBX: 1ffff92000003f2b RCX: 1ffff110200d806c\n[    9.582201] RDX: ffff8881006c0360 RSI: 0000000000000004 RDI: ffffffff9bc7b460\n[    9.582202] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff3a62324\n[    9.582203] R10: ffffffff9d311923 R11: 0000000000000000 R12: ffffea0004001b00\n[    9.582204] R13: 0000000000002000 R14: ffffea0000000000 R15: ffff8881006c0360\n[    9.582206] FS:  00007ffbbcf2d940(0000) GS:ffff888450479000(0000) knlGS:0000000000000000\n[    9.582208] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[    9.582210] CR2: 000055ee3aa260d0 CR3: 0000000148b67005 CR4: 0000000000770ef0\n[    9.582211] PKRU: 55555554\n[    9.582212] Call Trace:\n[    9.582213]  <TASK>\n[    9.582214]  ? __pfx___pgalloc_tag_sub+0x10/0x10\n[    9.582216]  ? check_bytes_and_report+0x68/0x140\n[    9.582219]  __free_frozen_pages+0x2e4/0x1150\n[    9.582221]  ? __free_slab+0xc2/0x2b0\n[    9.582224]  qlist_free_all+0x4c/0xf0\n[    9.582227]  kasan_quarantine_reduce+0x15d/0x180\n[    9.582229]  __kasan_slab_alloc+0x69/0x90\n[    9.582232]  kmem_cache_alloc_noprof+0x14a/0x500\n[    9.582234]  do_getname+0x96/0x310\n[    9.582237]  do_readlinkat+0x91/0x2f0\n[    9.582239]  ? __pfx_do_readlinkat+0x10/0x10\n[    9.582240]  ? get_random_bytes_user+0x1df/0x2c0\n[    9.582244]  __x64_sys_readlinkat+0x96/0x100\n[    9.582246]  do_syscall_64+0xce/0x650\n[    9.582250]  ? __x64_sys_getrandom+0x13a/0x1e0\n[    9.582252]  ? __pfx___x64_sys_getrandom+0x10/0x10\n[    9.582254]  ? do_syscall_64+0x114/0x650\n[    9.582255]  ? ksys_read+0xfc/0x1d0\n[    9.582258]  ? __pfx_ksys_read+0x10/0x10\n[    9.582260]  ? do_syscall_64+0x114/0x650\n[    9.582262]  ? do_syscall_64+0x114/0x650\n[    9.582264]  ? __pfx_fput_close_sync+0x10/0x10\n[    9.582266]  ? file_close_fd_locked+0x178/0x2a0\n[    9.582268]  ? __x64_sys_faccessat2+0x96/0x100\n[    9.582269]  ? __x64_sys_close+0x7d/0xd0\n[    9.582271]  ? do_syscall_64+0x114/0x650\n[    9.582273]  ? do_syscall_64+0x114/0x650\n[    9.582275]  ? clear_bhb_loop+0x50/0xa0\n[    9.582277]  ? clear_bhb_l\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/linux/alloc_tag.h","include/linux/pgalloc_tag.h","lib/alloc_tag.c","mm/page_alloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"dcfe378c81f72f146890ce1dcfdcc742d3b66924","lessThan":"d5b495ba9de0423ef39f8bd86729a885870c7efe","versionType":"git","status":"affected"},{"version":"dcfe378c81f72f146890ce1dcfdcc742d3b66924","lessThan":"b49dfabc38cad5e50af24f63edd124a10de3ebb6","versionType":"git","status":"affected"},{"version":"dcfe378c81f72f146890ce1dcfdcc742d3b66924","lessThan":"6b1842775a460245e97d36d3a67d0cfba7c4ff79","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/linux/alloc_tag.h","include/linux/pgalloc_tag.h","lib/alloc_tag.c","mm/page_alloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.18.27","matchCriteriaId":"FAA9520C-4C1E-4B89-8A00-A5CB96EE5740"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/6b1842775a460245e97d36d3a67d0cfba7c4ff79","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b49dfabc38cad5e50af24f63edd124a10de3ebb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5b495ba9de0423ef39f8bd86729a885870c7efe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46280","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.683","lastModified":"2026-07-08T15:01:43.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib: test_hmm: evict device pages on file close to avoid use-after-free\n\nPatch series \"Minor hmm_test fixes and cleanups\".\n\nTwo bugfixes a cleanup for the HMM kernel selftests.  These were mostly\nreported by Zenghui Yu with special thanks to Lorenzo for analysing and\npointing out the problems.\n\n\nThis patch (of 3):\n\nWhen dmirror_fops_release() is called it frees the dmirror struct but\ndoesn't migrate device private pages back to system memory first.  This\nleaves those pages with a dangling zone_device_data pointer to the freed\ndmirror.\n\nIf a subsequent fault occurs on those pages (eg.  during coredump) the\ndmirror_devmem_fault() callback dereferences the stale pointer causing a\nkernel panic.  This was reported [1] when running mm/ksft_hmm.sh on arm64,\nwhere a test failure triggered SIGABRT and the resulting coredump walked\nthe VMAs faulting in the stale device private pages.\n\nFix this by calling dmirror_device_evict_chunk() for each devmem chunk in\ndmirror_fops_release() to migrate all device private pages back to system\nmemory before freeing the dmirror struct.  The function is moved earlier\nin the file to avoid a forward declaration."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["lib/test_hmm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"234071b4318feaeb27cd2e4e1b16ef6b055adf89","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"bf477abd448c76bb8ea51c9b4f63a3a17c4b6239","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"5846715b6382dd4c6a69b35a56ca6115d33bc2a0","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"38f113f81d3f0adc658a4475dd3ecaec985e21d3","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"9de1eb0aac2862d6144b8db0ec1388e79f8bc3e1","versionType":"git","status":"affected"},{"version":"b2ef9f5a5cb37643ca5def3516c546457074b882","lessThan":"744dd97752ef1076a8d8672bb0d8aa2c7abc1144","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["lib/test_hmm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.8","status":"affected"},{"version":"0","lessThan":"5.8","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.8","versionEndExcluding":"6.1.176","matchCriteriaId":"3119E417-9FF5-4E06-9321-6696E979BECA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/234071b4318feaeb27cd2e4e1b16ef6b055adf89","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/38f113f81d3f0adc658a4475dd3ecaec985e21d3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5846715b6382dd4c6a69b35a56ca6115d33bc2a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/744dd97752ef1076a8d8672bb0d8aa2c7abc1144","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9de1eb0aac2862d6144b8db0ec1388e79f8bc3e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf477abd448c76bb8ea51c9b4f63a3a17c4b6239","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46281","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.817","lastModified":"2026-07-08T15:20:22.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvmalloc: fix buffer overflow in vrealloc_node_align()\n\nCommit 4c5d3365882d (\"mm/vmalloc: allow to set node and align in\nvrealloc\") added the ability to force a new allocation if the current\npointer is on the wrong NUMA node, or if an alignment constraint is not\nmet, even if the user is shrinking the allocation.\n\nOn this path (need_realloc), the code allocates a new object of 'size'\nbytes and then memcpy()s 'old_size' bytes into it.  If the request is to\nshrink the object (size < old_size), this results in an out-of-bounds\nwrite on the new buffer.\n\nFix this by bounding the copy length by the new allocation size."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4c5d3365882dbbc0784688784904f440d7a4c0f1","lessThan":"e9b057a44deff4c59c13f44672a5cc74dcd57522","versionType":"git","status":"affected"},{"version":"4c5d3365882dbbc0784688784904f440d7a4c0f1","lessThan":"b281adf71f786c325eb6d6d1582d4d05313438a8","versionType":"git","status":"affected"},{"version":"4c5d3365882dbbc0784688784904f440d7a4c0f1","lessThan":"82d1f01292d3f09bf063f829f8ab8de12b4280a1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.27","matchCriteriaId":"1A10DA86-4154-4102-9D63-807CF10A4352"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/82d1f01292d3f09bf063f829f8ab8de12b4280a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b281adf71f786c325eb6d6d1582d4d05313438a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9b057a44deff4c59c13f44672a5cc74dcd57522","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46282","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:45.940","lastModified":"2026-07-08T15:12:16.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: frequency: admv1013: fix NULL pointer dereference on str\n\nWhen device_property_read_string() fails, str is left uninitialized\nbut the code falls through to strcmp(str, ...), dereferencing a garbage\npointer. Replace manual read/strcmp with\ndevice_property_match_property_string() and consolidate the SE mode\nenums into a single sequential enum, mapping to hardware register\nvalues via a switch consistent with other bitfields in the driver.\n\nSeveral cleanup patches have been applied to this driver recently so\nthis will need a manual backport."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iio/frequency/admv1013.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"3a9d8ec2051c2d80158ed7bded5e158c42870037","versionType":"git","status":"affected"},{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac","versionType":"git","status":"affected"},{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"2dc8d26690bf4e7226409563221c37bc095c94ff","versionType":"git","status":"affected"},{"version":"da35a7b526d9b258a2cb8b7816f736a41b32176b","lessThan":"aac0a51b16700b403a55b67ba495de021db78763","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iio/frequency/admv1013.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.17","status":"affected"},{"version":"0","lessThan":"5.17","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17","versionEndExcluding":"6.12.86","matchCriteriaId":"E9F33D27-F3AA-49EF-8A71-D0AA86C50602"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2dc8d26690bf4e7226409563221c37bc095c94ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3a9d8ec2051c2d80158ed7bded5e158c42870037","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5e9f1bad26df3d3afb3cbbfa408b6d6e809708ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aac0a51b16700b403a55b67ba495de021db78763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46283","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:46.063","lastModified":"2026-07-08T15:11:08.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: Use kfree_sensitive() to free auth session in tpm_dev_release()\n\ntpm_dev_release() uses plain kfree() to free chip->auth, which contains\nsensitive cryptographic material including HMAC session keys, nonces,\nand passphrase data (struct tpm2_auth).\n\nEvery other code path that frees this structure uses kfree_sensitive()\nto zero the memory before releasing it: both tpm2_end_auth_session()\nand tpm_buf_check_hmac_response() do so. The tpm_dev_release() path\nis the only one that does not, leaving key material in freed slab\nmemory until it is eventually overwritten.\n\nUse kfree_sensitive() for consistency with the rest of the driver and\nto ensure session keys are scrubbed during device teardown."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/char/tpm/tpm-chip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"dd3ac52ea7a001406c7dbc663aae4b9f89da679a","versionType":"git","status":"affected"},{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"53e6d2d834df40960b655b353e7a8ff4d927e1c7","versionType":"git","status":"affected"},{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"84ced03172da544c9f8c0862faad48104f519352","versionType":"git","status":"affected"},{"version":"699e3efd6c645c741ea4d6d58282c56b6d108cf7","lessThan":"c424d2664f08c77f08b4580b5f0cbaabf7c229b2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/char/tpm/tpm-chip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.86","matchCriteriaId":"DE217E72-2117-418C-97F0-213685E36DC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/53e6d2d834df40960b655b353e7a8ff4d927e1c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/84ced03172da544c9f8c0862faad48104f519352","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c424d2664f08c77f08b4580b5f0cbaabf7c229b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dd3ac52ea7a001406c7dbc663aae4b9f89da679a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46286","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:46.627","lastModified":"2026-07-08T19:04:29.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nleds: qcom-lpg: Check for array overflow when selecting the high resolution\n\nWhen selecting the high resolution values from the array, FIELD_GET() is\nused to pull from a 3 bit register, yet the array being indexed has only\n5 values in it.  Odds are the hardware is sane, but just to be safe,\nproperly check before just overflowing and reading random data and then\nsetting up chip values based on that."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/leds/rgb/leds-qcom-lpg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b00d2ed37617b5f2f091c98acf542fbedefcbf9b","lessThan":"28a2e047d03721e0517c67ee726eaa6621c30e5f","versionType":"git","status":"affected"},{"version":"b00d2ed37617b5f2f091c98acf542fbedefcbf9b","lessThan":"36ce3094dc50598f38fd961b46688cd533940efc","versionType":"git","status":"affected"},{"version":"b00d2ed37617b5f2f091c98acf542fbedefcbf9b","lessThan":"438e357b3cc6cd6900df271e4bc567bfe1142281","versionType":"git","status":"affected"},{"version":"b00d2ed37617b5f2f091c98acf542fbedefcbf9b","lessThan":"f67a24e75d3251ba42538738120b6b659c0dca7d","versionType":"git","status":"affected"},{"version":"b00d2ed37617b5f2f091c98acf542fbedefcbf9b","lessThan":"d45963a93c1495e9f1338fde91d0ebba8fd22474","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/leds/rgb/leds-qcom-lpg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.4","status":"affected"},{"version":"0","lessThan":"6.4","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4","versionEndExcluding":"6.6.140","matchCriteriaId":"FA2B001B-CDB2-4EF3-8FCE-74CFF813CACD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/28a2e047d03721e0517c67ee726eaa6621c30e5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36ce3094dc50598f38fd961b46688cd533940efc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/438e357b3cc6cd6900df271e4bc567bfe1142281","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d45963a93c1495e9f1338fde91d0ebba8fd22474","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f67a24e75d3251ba42538738120b6b659c0dca7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46287","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:46.770","lastModified":"2026-07-08T19:04:32.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: txgbe: fix RTNL assertion warning when remove module\n\nFor the copper NIC with external PHY, the driver called\nphylink_connect_phy() during probe and phylink_disconnect_phy() during\nremove. It caused an RTNL assertion warning in phylink_disconnect_phy()\nupon module remove.\n\nTo fix this, add rtnl_lock() and rtnl_unlock() around the\nphylink_disconnect_phy() in remove function.\n\n ------------[ cut here ]------------\n RTNL: assertion failed at drivers/net/phy/phylink.c (2351)\n WARNING: drivers/net/phy/phylink.c:2351 at\nphylink_disconnect_phy+0xd8/0xf0 [phylink], CPU#0: rmmod/4464\n Modules linked in: ...\n CPU: 0 UID: 0 PID: 4464 Comm: rmmod Kdump: loaded Not tainted 7.0.0-rc4+\n Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING\nPLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024\n RIP: 0010:phylink_disconnect_phy+0xe4/0xf0 [phylink]\n Code: 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 31 d2 31 f6 31 ff e9 3a 38 8f e7\n48 8d 3d 48 87 e2 ff ba 2f 09 00 00 48 c7 c6 c1 22 24 c0 <67> 48 0f b9 3a\ne9 34 ff ff ff 66 90 90 90 90 90 90 90 90 90 90 90\n RSP: 0018:ffffce7288363ac0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff89654b2a1a00 RCX: 0000000000000000\n RDX: 000000000000092f RSI: ffffffffc02422c1 RDI: ffffffffc0239020\n RBP: ffffce7288363ae8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff8964c4022000\n R13: ffff89654fce3028 R14: ffff89654ebb4000 R15: ffffffffc0226348\n FS:  0000795e80d93780(0000) GS:ffff896c52857000(0000)\nknlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005b528b592000 CR3: 0000000170d0f000 CR4: 0000000000f50ef0\n PKRU: 55555554\n Call Trace:\n  <TASK>\n  txgbe_remove_phy+0xbb/0xd0 [txgbe]\n  txgbe_remove+0x4c/0xb0 [txgbe]\n  pci_device_remove+0x41/0xb0\n  device_remove+0x43/0x80\n  device_release_driver_internal+0x206/0x270\n  driver_detach+0x4a/0xa0\n  bus_remove_driver+0x83/0x120\n  driver_unregister+0x2f/0x60\n  pci_unregister_driver+0x40/0x90\n  txgbe_driver_exit+0x10/0x850 [txgbe]\n  __do_sys_delete_module.isra.0+0x1c3/0x2f0\n  __x64_sys_delete_module+0x12/0x20\n  x64_sys_call+0x20c3/0x2390\n  do_syscall_64+0x11c/0x1500\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? do_syscall_64+0x15a/0x1500\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? do_fault+0x312/0x580\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? __handle_mm_fault+0x9d5/0x1040\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? count_memcg_events+0x101/0x1d0\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? handle_mm_fault+0x1e8/0x2f0\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? do_user_addr_fault+0x2f8/0x820\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? irqentry_exit+0xb2/0x600\n  ? srso_alias_return_thunk+0x5/0xfbef5\n  ? exc_page_fault+0x92/0x1c0\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"02b2a6f91b9042552bc3aa728622bda97e3916fa","lessThan":"0305e7118451c7c363c18f8113b0d8e0077ffa4c","versionType":"git","status":"affected"},{"version":"02b2a6f91b9042552bc3aa728622bda97e3916fa","lessThan":"3e223a7fd41ce6fffdb10577df9350385262bf33","versionType":"git","status":"affected"},{"version":"02b2a6f91b9042552bc3aa728622bda97e3916fa","lessThan":"d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc","versionType":"git","status":"affected"},{"version":"02b2a6f91b9042552bc3aa728622bda97e3916fa","lessThan":"6c5ec52c68a6a442c8a159615ae092512562318a","versionType":"git","status":"affected"},{"version":"02b2a6f91b9042552bc3aa728622bda97e3916fa","lessThan":"e159f05e12cc1111a3103b99375ddf0dfd0e7d63","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.140","matchCriteriaId":"C002EFE2-D23C-430B-ACB7-0A4317429511"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0305e7118451c7c363c18f8113b0d8e0077ffa4c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e223a7fd41ce6fffdb10577df9350385262bf33","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c5ec52c68a6a442c8a159615ae092512562318a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d29cafc7e4ee9e28a150ba17e9a565ec5d881fbc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e159f05e12cc1111a3103b99375ddf0dfd0e7d63","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46288","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:46.957","lastModified":"2026-07-08T19:04:34.857","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nof: unittest: fix use-after-free in of_unittest_changeset()\n\nThe variable 'parent' is assigned the value of 'nchangeset' earlier in the\nfunction, meaning both point to the same struct device_node. The call to\nof_node_put(nchangeset) can decrement the reference count to zero and\nfree the node if there are no other holders. After that, the code still\nuses 'parent' to check for the presence of a property and to read a\nstring property, leading to a use-after-free.\n\nFix this by moving the of_node_put() call after the last access to\n'parent', avoiding the UAF."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/of/unittest.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1c668ea65506e67ce2eae07b69bb09fcdd86e309","lessThan":"37318d1a27c9cc5a70d3cd7e49e30ec86f2b8ca1","versionType":"git","status":"affected"},{"version":"1c668ea65506e67ce2eae07b69bb09fcdd86e309","lessThan":"7f0f0926f3010b10cff5e93446258f971e42f2fd","versionType":"git","status":"affected"},{"version":"1c668ea65506e67ce2eae07b69bb09fcdd86e309","lessThan":"6fdad20b7975bdc32e85b45f8f7c640f6687b81f","versionType":"git","status":"affected"},{"version":"1c668ea65506e67ce2eae07b69bb09fcdd86e309","lessThan":"faecdd423c27f0d6090156a435ba9dbbac0eaddb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/of/unittest.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.86","matchCriteriaId":"A868CB0E-7563-461B-9681-F1CE80B353EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/37318d1a27c9cc5a70d3cd7e49e30ec86f2b8ca1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6fdad20b7975bdc32e85b45f8f7c640f6687b81f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f0f0926f3010b10cff5e93446258f971e42f2fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/faecdd423c27f0d6090156a435ba9dbbac0eaddb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46289","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.097","lastModified":"2026-07-08T19:04:37.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nlib/scatterlist: fix length calculations in extract_kvec_to_sg\n\nPatch series \"Fix bugs in extract_iter_to_sg()\", v3.\n\nFix bugs in the kvec and user variants of extract_iter_to_sg.  This series\nis growing due to useful remarks made by sashiko.dev.\n\nThe main bugs are:\n- The length for an sglist entry when extracting from\n  a kvec can exceed the number of bytes in the page. This\n  is obviously not intended.\n- When extracting a user buffer the sglist is temporarily\n  used as a scratch buffer for extracted page pointers.\n  If the sglist already contains some elements this scratch\n  buffer could overlap with existing entries in the sglist.\n\nThe series adds test cases to the kunit_iov_iter test that demonstrate all\nof these bugs.  Additionally, there is a memory leak fix for the test\nitself.\n\nThe bugs were orignally introduced into kernel v6.3 where the function\nlived in fs/netfs/iterator.c.  It was later moved to lib/scatterlist.c in\nv6.5.  Thus the actual fix is only marked for backports to v6.5+.\n\n\nThis patch (of 5):\n\nWhen extracting from a kvec to a scatterlist, do not cross page\nboundaries.  The required length was already calculated but not used as\nintended.\n\nAdjust the copied length if the loop runs out of sglist entries without\nextracting everything.\n\nWhile there, return immediately from extract_iter_to_sg if there are no\nsglist entries at all.\n\nA subsequent commit will add kunit test cases that demonstrate that the\npatch is necessary."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["lib/scatterlist.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0185846975339a5c348373aa450a977f5242366b","lessThan":"3f17500e86d730c76db638bb3ae52f9b5e496c76","versionType":"git","status":"affected"},{"version":"0185846975339a5c348373aa450a977f5242366b","lessThan":"e5e22fc9963469e678c4f4bb38d26adcec107f1e","versionType":"git","status":"affected"},{"version":"0185846975339a5c348373aa450a977f5242366b","lessThan":"8fbba6829057979149d1b37d65690c037f3ddf4d","versionType":"git","status":"affected"},{"version":"0185846975339a5c348373aa450a977f5242366b","lessThan":"9d38756d0a93b66163554219fa9c3365f40c4035","versionType":"git","status":"affected"},{"version":"0185846975339a5c348373aa450a977f5242366b","lessThan":"07b7d66e65d9cfe6b9c2c34aa22cfcaac37a5c45","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["lib/scatterlist.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.140","matchCriteriaId":"AE397E0D-B39E-43DA-B546-2C72385DF22F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/07b7d66e65d9cfe6b9c2c34aa22cfcaac37a5c45","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3f17500e86d730c76db638bb3ae52f9b5e496c76","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fbba6829057979149d1b37d65690c037f3ddf4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9d38756d0a93b66163554219fa9c3365f40c4035","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e5e22fc9963469e678c4f4bb38d26adcec107f1e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46290","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.230","lastModified":"2026-07-08T19:04:41.287","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/efi: Fix graceful fault handling after FPU softirq changes\n\nSince commit d02198550423 (\"x86/fpu: Improve crypto performance by\nmaking kernel-mode FPU reliably usable in softirqs\"), kernel_fpu_begin()\ncalls fpregs_lock() which uses local_bh_disable() instead of the\nprevious preempt_disable(). This sets SOFTIRQ_OFFSET in preempt_count\nduring the entire EFI runtime service call, causing in_interrupt() to\nreturn true in normal task context.\n\nThe graceful page fault handler efi_crash_gracefully_on_page_fault()\nuses in_interrupt() to bail out for faults in real interrupt context.\nWith SOFTIRQ_OFFSET now set, the handler always bails out, leaving EFI\nfirmware page faults unhandled. This escalates to die() which also sees\nin_interrupt() as true and calls panic(\"Fatal exception in interrupt\"),\nresulting in a hard system freeze. On systems with buggy firmware that\ntriggers page faults during EFI runtime calls (e.g., accessing unmapped\nmemory in GetTime()), this causes an unrecoverable hang instead of the\nexpected graceful EFI_ABORTED recovery.\n\nFix by replacing in_interrupt() with !in_task(). This preserves the\noriginal intent of bailing for interrupts or NMI faults, while no longer\nfalsely triggering from the FPU code path's local_bh_disable().\n\n[ardb: Sashiko spotted that using 'in_hardirq() || in_nmi()' leaves a\n       window where a softirq may be taken before fpregs_lock() is\n       called, but after efi_rts_work.efi_rts_id has been assigned,\n       and any page faults occurring in that window will then be\n       misidentified as having been caused by the firmware. Instead,\n       use !in_task(), which incorporates in_serving_softirq(). ]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/platform/efi/quirks.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d02198550423a0b695e7a24ec77153209ad45b09","lessThan":"22b365ba1af3d8c6036b8e5112fffe80998b85a0","versionType":"git","status":"affected"},{"version":"d02198550423a0b695e7a24ec77153209ad45b09","lessThan":"db155b86d1523e85941f61efd7d7ffb594cc9a29","versionType":"git","status":"affected"},{"version":"d02198550423a0b695e7a24ec77153209ad45b09","lessThan":"088f65e206087bf903743bd18417261d7a4c9644","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/platform/efi/quirks.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.30","matchCriteriaId":"7A99D29F-3622-4F26-9E29-80DF70FFF2B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/088f65e206087bf903743bd18417261d7a4c9644","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22b365ba1af3d8c6036b8e5112fffe80998b85a0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db155b86d1523e85941f61efd7d7ffb594cc9a29","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46291","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.357","lastModified":"2026-07-08T15:21:30.257","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - guard HMAC key hex dumps in hash_digest_key\n\nUse print_hex_dump_devel() for dumping sensitive HMAC key bytes in\nhash_digest_key() to avoid leaking secrets at runtime when\nCONFIG_DYNAMIC_DEBUG is enabled."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/crypto/caam/caamalg_qi2.c","drivers/crypto/caam/caamhash.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"e8e72fdf47bd5ef7abe642b034c6178a61a8580a","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"cd849c07b8d706425e60a4dfcef54b7b67c967ce","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"a9207798fe619cbc85c8744a9b9e2af1db2b6e1a","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"2adbfca7452eeac45117b8e803288a2767f7075f","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"c7e52fe3f7901ccb9cd29b3f7c683d809ba87e48","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"5cffe3c136891aa4d579bf5c079a68f7cb371b0c","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"b8f12d9b00c1950779e5679b9c13908584682bb6","versionType":"git","status":"affected"},{"version":"045e36780f11523e26d1e4a8c78bdc57f4003bd0","lessThan":"177730a273b18e195263ed953853273e901b5064","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/crypto/caam/caamalg_qi2.c","drivers/crypto/caam/caamhash.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.6","status":"affected"},{"version":"0","lessThan":"3.6","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6","versionEndExcluding":"5.10.259","matchCriteriaId":"721E2892-A2C4-43EA-B05D-A638043DE3DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/177730a273b18e195263ed953853273e901b5064","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2adbfca7452eeac45117b8e803288a2767f7075f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5cffe3c136891aa4d579bf5c079a68f7cb371b0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9207798fe619cbc85c8744a9b9e2af1db2b6e1a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b8f12d9b00c1950779e5679b9c13908584682bb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c7e52fe3f7901ccb9cd29b3f7c683d809ba87e48","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cd849c07b8d706425e60a4dfcef54b7b67c967ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8e72fdf47bd5ef7abe642b034c6178a61a8580a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46293","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.630","lastModified":"2026-07-08T19:04:45.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nclk: microchip: mpfs-ccc: fix out of bounds access during output registration\n\nUBSAN reported an out of bounds access during registration of the last\ntwo outputs. This out of bounds access occurs because space is only\nallocated in the hws array for two PLLs and the four output dividers\nthat each has, but the defined IDs contain two DLLS and their two\noutputs each, which are not supported by the driver. The ID order is\nPLLs -> DLLs -> PLL outputs -> DLL outputs. Decrement the PLL output IDs\nby two while adding them to the array to avoid the problem."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/clk/microchip/clk-mpfs-ccc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d39fb172760e426e0628f16b785c85e16d17bd5e","lessThan":"9ed9b580a814773482c0a4f1be045636e68cc109","versionType":"git","status":"affected"},{"version":"d39fb172760e426e0628f16b785c85e16d17bd5e","lessThan":"47bc7a03449c39805bc2665d3e57c73195d5bcf8","versionType":"git","status":"affected"},{"version":"d39fb172760e426e0628f16b785c85e16d17bd5e","lessThan":"dbfcb09656cb30439577325c9dea2250203c2e3c","versionType":"git","status":"affected"},{"version":"d39fb172760e426e0628f16b785c85e16d17bd5e","lessThan":"a0780aeea166a7cf4706c45af4cadbb2a43a1fc9","versionType":"git","status":"affected"},{"version":"d39fb172760e426e0628f16b785c85e16d17bd5e","lessThan":"f24efd415455b98a1f1cfc6071fe6fde71986706","versionType":"git","status":"affected"},{"version":"d39fb172760e426e0628f16b785c85e16d17bd5e","lessThan":"2f7ae8ab6aa73daaf080d5332110357c29df9c36","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/clk/microchip/clk-mpfs-ccc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1","versionEndExcluding":"6.1.175","matchCriteriaId":"A4CF44D2-E504-42EA-A313-4974CFE03BAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2f7ae8ab6aa73daaf080d5332110357c29df9c36","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/47bc7a03449c39805bc2665d3e57c73195d5bcf8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9ed9b580a814773482c0a4f1be045636e68cc109","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0780aeea166a7cf4706c45af4cadbb2a43a1fc9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dbfcb09656cb30439577325c9dea2250203c2e3c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f24efd415455b98a1f1cfc6071fe6fde71986706","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46294","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.757","lastModified":"2026-07-08T19:04:47.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a buffer overflow in ioctl processing\n\nTony Asleson (using Claude) found a buffer overflow in dm-ioctl in the\nfunction retrieve_status:\n\n1. The code in retrieve_status checks that the output string fits into\n   the output buffer and writes the output string there\n2. Then, the code aligns the \"outptr\" variable to the next 8-byte\n   boundary:\n\toutptr = align_ptr(outptr);\n3. The alignment doesn't check overflow, so outptr could point past the\n   buffer end\n4. The \"for\" loop is iterated again, it executes:\n\tremaining = len - (outptr - outbuf);\n5. If \"outptr\" points past \"outbuf + len\", the arithmetics wraps around\n   and the variable \"remaining\" contains unusually high number\n6. With \"remaining\" being high, the code writes more data past the end of\n   the buffer\n\nLuckily, this bug has no security implications because:\n1. Only root can issue device mapper ioctls\n2. The commonly used libraries that communicate with device mapper\n   (libdevmapper and devicemapper-rs) use buffer size that is aligned to\n   8 bytes - thus, \"outptr = align_ptr(outptr)\" can't overshoot the input\n   buffer and the bug can't happen accidentally"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-ioctl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c8c5311237448f6ffeecc9aec2362e3692623668","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"448ee8fb79c26a26599ffa4b2adeb4322d3d3d8c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"526ff9126a0ae087b65726e1faf31114c718020d","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f0b0b09d9840838ae77ccdd6a62de0daef4e6e0a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d271631023cbe1cbe7c31a0275ab797883be6e0a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5af6a879e915ae7bcd83695c316ebb32e1c61bc2","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8daa6c708ef524089ae43f2aed9190acb26d7df8","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2fa49cc884f6496a915c35621ba4da35649bf159","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-ioctl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2fa49cc884f6496a915c35621ba4da35649bf159","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/448ee8fb79c26a26599ffa4b2adeb4322d3d3d8c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/526ff9126a0ae087b65726e1faf31114c718020d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5af6a879e915ae7bcd83695c316ebb32e1c61bc2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8daa6c708ef524089ae43f2aed9190acb26d7df8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c8c5311237448f6ffeecc9aec2362e3692623668","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d271631023cbe1cbe7c31a0275ab797883be6e0a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f0b0b09d9840838ae77ccdd6a62de0daef4e6e0a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46295","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:47.913","lastModified":"2026-07-08T19:04:50.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty\n\nFall back to apic_find_highest_vector() when PID.ON is set but PIR\nturns out to be empty, to correctly report the highest pending interrupt\nfrom the existing IRR.\n\nIn a nested VM stress test, the following WARNING fires in\nvmx_check_nested_events() when kvm_cpu_has_interrupt() reports a pending\ninterrupt but the subsequent kvm_apic_has_interrupt() (which invokes\nvmx_sync_pir_to_irr() again) returns -1:\n\n  WARNING: CPU: 99 PID: 57767 at arch/x86/kvm/vmx/nested.c:4449 vmx_check_nested_events+0x6bf/0x6e0 [kvm_intel]\n  Call Trace:\n   kvm_check_and_inject_events\n   vcpu_enter_guest.constprop.0\n   vcpu_run\n   kvm_arch_vcpu_ioctl_run\n   kvm_vcpu_ioctl\n   __x64_sys_ioctl\n   do_syscall_64\n   entry_SYSCALL_64_after_hwframe\n\nThe root cause is a race between vmx_sync_pir_to_irr() on the target vCPU\nand __vmx_deliver_posted_interrupt() on a sender vCPU.  The sender\nperforms two individually-atomic operations that are not a single\ntransaction:\n\n  1. pi_test_and_set_pir(vector)  -- sets the PIR bit\n  2. pi_test_and_set_on()         -- sets PID.ON\n\nThe following interleaving triggers the bug:\n\n  Sender vCPU (IPI):              Target vCPU (1st sync_pir_to_irr):\n  B1: set PIR[vector]\n                                  A1: pi_clear_on()\n                                  A2: pi_harvest_pir() -> sees B1 bit\n                                  A3: xchg() -> consumes bit, PIR=0\n                                      (1st sync returns correct max_irr)\n  B2: set PID.ON = 1\n\n                                  Target vCPU (2nd sync_pir_to_irr):\n                                  C1: pi_test_on() -> TRUE (from B2)\n                                  C2: pi_clear_on() -> ON=0\n                                  C3: pi_harvest_pir() -> PIR empty\n                                  C4: *max_irr = -1, early return\n                                      IRR NOT SCANNED\n\nThe interrupt is not lost (it resides in the IRR from the first sync and\nis recovered on the next vcpu_enter_guest() iteration), but the incorrect\nmax_irr causes a spurious WARNING and a wasted L2 VM-Enter/VM-Exit cycle."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/x86/kvm/lapic.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b41f8638b9d30fbe045b4ef83ff4136c56a57397","lessThan":"bb1703949dcaa9a49c338dee075f659f4634214d","versionType":"git","status":"affected"},{"version":"b41f8638b9d30fbe045b4ef83ff4136c56a57397","lessThan":"4b6b06a8b12bfd95f9015074b1430c1480908073","versionType":"git","status":"affected"},{"version":"b41f8638b9d30fbe045b4ef83ff4136c56a57397","lessThan":"33fd0ccd2590b470b65adcca288615ad3b5e3e06","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/x86/kvm/lapic.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"6.18.30","matchCriteriaId":"0C6ED95F-C349-4582-8D0B-43787F134EDA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/33fd0ccd2590b470b65adcca288615ad3b5e3e06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4b6b06a8b12bfd95f9015074b1430c1480908073","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bb1703949dcaa9a49c338dee075f659f4634214d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46296","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.037","lastModified":"2026-07-08T19:04:53.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: s3c64xx: fix NULL-deref on driver unbind\n\nA change moving DMA channel allocation from probe() back to\ns3c64xx_spi_prepare_transfer() failed to remove the corresponding\ndeallocation from remove().\n\nDrop the bogus DMA channel release from remove() to avoid triggering a\nNULL-pointer dereference on driver unbind.\n\nThis issue was flagged by Sashiko when reviewing a controller\nderegistration fix."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/spi/spi-s3c64xx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f52b03c707444c5a3d1a0b9c5724f93ddc3c588e","lessThan":"29e219a18e21258bdb4ee12cecd0e9ec87d7e6a7","versionType":"git","status":"affected"},{"version":"f52b03c707444c5a3d1a0b9c5724f93ddc3c588e","lessThan":"1108b8722b9ff0cdd3e8aa18d98244fcd93b6760","versionType":"git","status":"affected"},{"version":"f52b03c707444c5a3d1a0b9c5724f93ddc3c588e","lessThan":"323a258f4b1916b5a3098618e036e033b2f2317f","versionType":"git","status":"affected"},{"version":"f52b03c707444c5a3d1a0b9c5724f93ddc3c588e","lessThan":"1b66f16a571a10ba8889ac471755c8af9c5b9266","versionType":"git","status":"affected"},{"version":"f52b03c707444c5a3d1a0b9c5724f93ddc3c588e","lessThan":"22788b1a8611380b141e09a8896702e32d164238","versionType":"git","status":"affected"},{"version":"f52b03c707444c5a3d1a0b9c5724f93ddc3c588e","lessThan":"45daacbead8a009844bd5dba6cfa731332184d17","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/spi/spi-s3c64xx.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.176","matchCriteriaId":"8D193E9E-2E9B-468E-B920-AD1EA1BA82C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1108b8722b9ff0cdd3e8aa18d98244fcd93b6760","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1b66f16a571a10ba8889ac471755c8af9c5b9266","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22788b1a8611380b141e09a8896702e32d164238","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/29e219a18e21258bdb4ee12cecd0e9ec87d7e6a7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/323a258f4b1916b5a3098618e036e033b2f2317f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/45daacbead8a009844bd5dba6cfa731332184d17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46297","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.160","lastModified":"2026-07-08T19:04:56.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: libwx: use request_irq for VF misc interrupt\n\nCurrently, request_threaded_irq() is used with a primary handler but a\nNULL threaded handler, while also setting the IRQF_ONESHOT flag. This\nspecific combination triggers a WARNING since the commit aef30c8d569c\n(\"genirq: Warn about using IRQF_ONESHOT without a threaded handler\").\n\nWARNING: kernel/irq/manage.c:1502 at __setup_irq+0x4fa/0x760\n\nFix the issue by switching to request_irq(), which is the appropriate\ninterface or a non-threaded interrupt handler, and removing the\nunnecessary IRQF_ONESHOT flag."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/wangxun/libwx/wx_vf_common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eb4898fde1de8cf09f8a6b344dbd87536e0b1170","lessThan":"1bca036fe3607182c21f05e2b262167edbef086c","versionType":"git","status":"affected"},{"version":"eb4898fde1de8cf09f8a6b344dbd87536e0b1170","lessThan":"a841574c6e573132681aa57f9b43a0a897a423f6","versionType":"git","status":"affected"},{"version":"eb4898fde1de8cf09f8a6b344dbd87536e0b1170","lessThan":"7a33345153eeeda195c55f15be27074e4c3b5109","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/wangxun/libwx/wx_vf_common.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.30","matchCriteriaId":"0382719F-0247-436A-881F-C7382FD213E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1bca036fe3607182c21f05e2b262167edbef086c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7a33345153eeeda195c55f15be27074e4c3b5109","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a841574c6e573132681aa57f9b43a0a897a423f6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46298","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.280","lastModified":"2026-07-08T14:49:04.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npseries/papr-hvpipe: Fix race with interrupt handler\n\nWhile executing ->ioctl handler or ->release handler, if an interrupt\nfires on the same cpu, then we can enter into a deadlock.\n\nThis patch fixes both these handlers to take spin_lock_irq{save|restore}\nversions of the lock to prevent this deadlock."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/powerpc/platforms/pseries/papr-hvpipe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"814ef095f12c9fa142043ee689500f3a41bb6dab","lessThan":"342c966f81cfc3cb6c297e80b37a9f3a5d637d2c","versionType":"git","status":"affected"},{"version":"814ef095f12c9fa142043ee689500f3a41bb6dab","lessThan":"7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/powerpc/platforms/pseries/papr-hvpipe.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"7.0.7","matchCriteriaId":"B6254F94-5978-493F-9B48-7613CD207BD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/342c966f81cfc3cb6c297e80b37a9f3a5d637d2c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7a4f0846ee6cc8cf44ae0046ed42e3259d1dd45b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46299","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.393","lastModified":"2026-07-08T14:48:53.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: fix held lock freed on hfsplus_fill_super()\n\nhfsplus_fill_super() calls hfs_find_init() to initialize a search\nstructure, which acquires tree->tree_lock. If the subsequent call to\nhfsplus_cat_build_key() fails, the function jumps to the out_put_root\nerror label without releasing the lock. The later cleanup path then\nfrees the tree data structure with the lock still held, triggering a\nheld lock freed warning.\n\nFix this by adding the missing hfs_find_exit(&fd) call before jumping\nto the out_put_root error label. This ensures that tree->tree_lock is\nproperly released on the error path.\n\nThe bug was originally detected on v6.13-rc1 using an experimental\nstatic analysis tool we are developing, and we have verified that the\nissue persists in the latest mainline kernel. The tool is specifically\ndesigned to detect memory management issues. It is currently under active\ndevelopment and not yet publicly available.\n\nWe confirmed the bug by runtime testing under QEMU with x86_64 defconfig,\nlockdep enabled, and CONFIG_HFSPLUS_FS=y. To trigger the error path, we\nused GDB to dynamically shrink the max_unistr_len parameter to 1 before\nhfsplus_asc2uni() is called. This forces hfsplus_asc2uni() to naturally\nreturn -ENAMETOOLONG, which propagates to hfsplus_cat_build_key() and\nexercises the faulty error path. The following warning was observed\nduring mount:\n\n\t=========================\n\tWARNING: held lock freed!\n\t7.0.0-rc3-00016-gb4f0dd314b39 #4 Not tainted\n\t-------------------------\n\tmount/174 is freeing memory ffff888103f92000-ffff888103f92fff, with a lock still held there!\n\tffff888103f920b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x154/0x1e0\n\t2 locks held by mount/174:\n\t#0: ffff888103f960e0 (&type->s_umount_key#42/1){+.+.}-{4:4}, at: alloc_super.constprop.0+0x167/0xa40\n\t#1: ffff888103f920b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfsplus_find_init+0x154/0x1e0\n\n\tstack backtrace:\n\tCPU: 2 UID: 0 PID: 174 Comm: mount Not tainted 7.0.0-rc3-00016-gb4f0dd314b39 #4 PREEMPT(lazy)\n\tHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n\tCall Trace:\n\t<TASK>\n\tdump_stack_lvl+0x82/0xd0\n\tdebug_check_no_locks_freed+0x13a/0x180\n\tkfree+0x16b/0x510\n\t? hfsplus_fill_super+0xcb4/0x18a0\n\thfsplus_fill_super+0xcb4/0x18a0\n\t? __pfx_hfsplus_fill_super+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? bdev_open+0x65f/0xc30\n\t? srso_return_thunk+0x5/0x5f\n\t? pointer+0x4ce/0xbf0\n\t? trace_contention_end+0x11c/0x150\n\t? __pfx_pointer+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? bdev_open+0x79b/0xc30\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? vsnprintf+0x6da/0x1270\n\t? srso_return_thunk+0x5/0x5f\n\t? __mutex_unlock_slowpath+0x157/0x740\n\t? __pfx_vsnprintf+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? mark_held_locks+0x49/0x80\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? irqentry_exit+0x17b/0x5e0\n\t? trace_irq_disable.constprop.0+0x116/0x150\n\t? __pfx_hfsplus_fill_super+0x10/0x10\n\t? __pfx_hfsplus_fill_super+0x10/0x10\n\tget_tree_bdev_flags+0x302/0x580\n\t? __pfx_get_tree_bdev_flags+0x10/0x10\n\t? vfs_parse_fs_qstr+0x129/0x1a0\n\t? __pfx_vfs_parse_fs_qstr+0x3/0x10\n\tvfs_get_tree+0x89/0x320\n\tfc_mount+0x10/0x1d0\n\tpath_mount+0x5c5/0x21c0\n\t? __pfx_path_mount+0x10/0x10\n\t? trace_irq_enable.constprop.0+0x116/0x150\n\t? trace_irq_enable.constprop.0+0x116/0x150\n\t? srso_return_thunk+0x5/0x5f\n\t? srso_return_thunk+0x5/0x5f\n\t? kmem_cache_free+0x307/0x540\n\t? user_path_at+0x51/0x60\n\t? __x64_sys_mount+0x212/0x280\n\t? srso_return_thunk+0x5/0x5f\n\t__x64_sys_mount+0x212/0x280\n\t? __pfx___x64_sys_mount+0x10/0x10\n\t? srso_return_thunk+0x5/0x5f\n\t? trace_irq_enable.constprop.0+0x116/0x150\n\t? srso_return_thunk+0x5/0x5f\n\tdo_syscall_64+0x111/0x680\n\tentry_SYSCALL_64_after_hwframe+0x77/0x7f\n\tRIP: 0033:0x7ffacad55eae\n\tCode: 48 8b 0d 85 1f 0f 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 8\n\tRSP: 002b\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/hfsplus/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"e890656accee4c26d932ea388eb8936a6e22184d","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"6499c9c8ec437a369e7e221dad91f6122b50759d","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"c554ddc87af4d4e4be42f8aed1baec9e1c7588e0","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"3ca80e3012c8be85b4f8d0d20eac8d3b17ff257e","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"041acda6d9f96006703466449c10c9a69590c8b9","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"d309d3308de658d87c42d97e044c89a226327526","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"bfbcce6a7b0552a390620d9b2c4d2bcb1825cbdc","versionType":"git","status":"affected"},{"version":"89ac9b4d3d1a049ae1054f99b1aed81092cd0a82","lessThan":"90c500e4fd83fa33c09bc7ee23b6d9cc487ac733","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/hfsplus/super.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.19","status":"affected"},{"version":"0","lessThan":"3.19","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"5.10.259","matchCriteriaId":"B7671B6F-58A3-4C86-AD1F-9A93A153C5C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/041acda6d9f96006703466449c10c9a69590c8b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3ca80e3012c8be85b4f8d0d20eac8d3b17ff257e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6499c9c8ec437a369e7e221dad91f6122b50759d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90c500e4fd83fa33c09bc7ee23b6d9cc487ac733","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfbcce6a7b0552a390620d9b2c4d2bcb1825cbdc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c554ddc87af4d4e4be42f8aed1baec9e1c7588e0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d309d3308de658d87c42d97e044c89a226327526","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e890656accee4c26d932ea388eb8936a6e22184d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46301","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.560","lastModified":"2026-07-08T14:48:44.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: topcliff-pch: fix use-after-free on unbind\n\nGive the driver a chance to flush its queue before releasing the DMA\nbuffers on driver unbind"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/spi/spi-topcliff-pch.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"43334836b907adc21eab3079d2e6b26754468786","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"36e58c436d2c2a797800427dc04d74ffd8b6ce1c","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"4ca90deeca1c7dd72c1c380ba8143565516def2d","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"d79e92161b65832e0b8cad5f3d84d17e5cd7a970","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"8822980668c96b5aa251c1e2daec1873262b8f3f","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"d50ef3553acbacce6f2843304d41d06dca358bb6","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"0e8e57f9737ea257634db1d152fc430a0788a3e1","versionType":"git","status":"affected"},{"version":"c37f3c2749b53225d36faa5c583203c5f12ae15b","lessThan":"9d72732fe70c11424bc90ed466c7ccfa58b42a9a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/spi/spi-topcliff-pch.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.258","matchCriteriaId":"B5F925AF-0571-45EB-B3C7-3046B450381F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e8e57f9737ea257634db1d152fc430a0788a3e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/36e58c436d2c2a797800427dc04d74ffd8b6ce1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/43334836b907adc21eab3079d2e6b26754468786","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ca90deeca1c7dd72c1c380ba8143565516def2d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8822980668c96b5aa251c1e2daec1873262b8f3f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9d72732fe70c11424bc90ed466c7ccfa58b42a9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d50ef3553acbacce6f2843304d41d06dca358bb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d79e92161b65832e0b8cad5f3d84d17e5cd7a970","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46302","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.707","lastModified":"2026-07-08T14:48:36.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: allow multiple opens of /sys/fs/selinux/policy\n\nCurrently there can only be a single open of /sys/fs/selinux/policy at\nany time. This allows any process to block any other process from\nreading the kernel policy. The original motivation seems to have been\na mix of preventing an inconsistent view of the policy size and\npreventing userspace from allocating kernel memory without bound, but\nthis is arguably equally bad. Eliminate the policy_opened flag and\nshrink the critical section that the policy mutex is held. While we\nare making changes here, drop a couple of extraneous BUG_ONs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/selinux/selinuxfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cee74f47a6baba0ac457e87687fdcf0abd599f0a","lessThan":"714362f3779dfa453a78ced32396a72726962a41","versionType":"git","status":"affected"},{"version":"cee74f47a6baba0ac457e87687fdcf0abd599f0a","lessThan":"a02cd6805562305f936e807da83e253b719dd965","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/selinux/selinuxfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.37","status":"affected"},{"version":"0","lessThan":"2.6.37","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37","versionEndExcluding":"7.0.7","matchCriteriaId":"DA80713D-F193-4E13-A301-ABB21A01CE03"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/714362f3779dfa453a78ced32396a72726962a41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a02cd6805562305f936e807da83e253b719dd965","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46303","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:48.853","lastModified":"2026-07-08T14:48:22.477","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: validate Rock Ridge CE continuation extent against volume size\n\nrock_continue() reads rs->cont_extent verbatim from the Rock Ridge CE\nrecord and passes it to sb_bread() without checking that the block\nnumber is within the mounted ISO 9660 volume.  commit e595447e177b\n(\"[PATCH] rock.c: handle corrupted directories\") added cont_offset\nand cont_size rejection for the CE continuation but did not validate\nthe extent block number itself.  commit f54e18f1b831 (\"isofs: Fix\ninfinite looping over CE entries\") later capped the CE chain length\nat RR_MAX_CE_ENTRIES = 32 but again left the block number unchecked.\n\nWith a crafted ISO mounted via udisks2 (desktop optical auto-mount)\nor via CAP_SYS_ADMIN mount, rs->cont_extent can therefore point at\nan out-of-range block or at blocks belonging to an adjacent\nfilesystem on the same block device.  sb_bread() on an out-of-range\nblock returns NULL cleanly via the block layer EIO path, so there\nis no memory-safety violation.  For in-range reads of adjacent-\nfilesystem data, the CE buffer is parsed as Rock Ridge records and\nonly the text of SL sub-records reaches userspace through\nreadlink(), which makes the info-leak channel narrow and difficult\nto exploit; still, rejecting the malformed CE outright matches the\nrejection shape already present in the same function for\ncont_offset and cont_size.\n\nAdd an ISOFS_SB(sb)->s_nzones bounds check to rock_continue() next\nto the existing offset/size rejection, printing the same\ncorrupted-directory-entry notice."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/isofs/rock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"8356fb821016797f5677cbeee5ddc0d32a95b4be","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"d582e12378bc1637f337622feef762f53c43fd57","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"bf1bc673c587f5ef7e9c09b94aea7c5a7847d4d9","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"c9b37c8b73f6368e4750e5ccb0632c380b43c6e5","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"22b36fa081f38ab397c7697f9d539211b51a0cfc","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"e69da8eeab74b4f4505024c38a17bce060fe7df8","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"ef048470c90bc8c1b8318bb2ce329da9ef64b9fe","versionType":"git","status":"affected"},{"version":"f54e18f1b831c92f6512d2eedb224cd63d607d3d","lessThan":"a36d990f591320e9dd379ab30063ebfe91d47e1f","versionType":"git","status":"affected"},{"version":"08313e26e06d4aa9ce1cbba1a8e359e9cab9ad56","versionType":"git","status":"affected"},{"version":"212c4d33ca83e2144064fe9c2911607fbed5386f","versionType":"git","status":"affected"},{"version":"96e44adce250199ec9b2b928be66365779ff1b59","versionType":"git","status":"affected"},{"version":"1fe5620fcd6c2f0a4a927ee10c8e53196da392f3","versionType":"git","status":"affected"},{"version":"fbce0d7dc8965c9fb8d411862040239d4a768c71","versionType":"git","status":"affected"},{"version":"8190393a88f2b0321263a54f2a9eb5a2aa43be7e","versionType":"git","status":"affected"},{"version":"486aa789eadcf44ed87f972b209299c516454693","versionType":"git","status":"affected"},{"version":"b6d20edb6e7cedb4eedb9e0193d20dd488ebae84","versionType":"git","status":"affected"},{"version":"2.6.32.66","lessThan":"2.6.33","versionType":"semver","status":"affected"},{"version":"3.2.67","lessThan":"3.3","versionType":"semver","status":"affected"},{"version":"3.4.107","lessThan":"3.5","versionType":"semver","status":"affected"},{"version":"3.10.64","lessThan":"3.11","versionType":"semver","status":"affected"},{"version":"3.12.36","lessThan":"3.13","versionType":"semver","status":"affected"},{"version":"3.14.28","lessThan":"3.15","versionType":"semver","status":"affected"},{"version":"3.17.8","lessThan":"3.18","versionType":"semver","status":"affected"},{"version":"3.18.2","lessThan":"3.19","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/isofs/rock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.19","status":"affected"},{"version":"0","lessThan":"3.19","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32.66","versionEndExcluding":"2.6.33","matchCriteriaId":"AE79466A-8004-4545-9F2B-9AE61FF25E49"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.67","versionEndExcluding":"3.3","matchCriteriaId":"E339763B-0FFB-4F77-925F-B75B0574196F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.107","versionEndExcluding":"3.5","matchCriteriaId":"5D756A04-79C7-4DB6-9A50-9E8E5B2757F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.10.64","versionEndExcluding":"3.11","matchCriteriaId":"2B3FB946-FA61-41D1-8295-A7D889D63B3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12.36","versionEndExcluding":"3.13","matchCriteriaId":"881E140A-B761-4577-B10F-CF48988916FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.14.28","versionEndExcluding":"3.15","matchCriteriaId":"BA5F1F71-BA36-4EC2-A59D-E285C9983115"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17.8","versionEndExcluding":"3.18","matchCriteriaId":"1743B4F8-1859-415F-9EB5-A33C53ABCD2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.2","versionEndExcluding":"5.10.258","matchCriteriaId":"5C5C08E2-8006-4964-BA58-B339247E1301"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/22b36fa081f38ab397c7697f9d539211b51a0cfc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8356fb821016797f5677cbeee5ddc0d32a95b4be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a36d990f591320e9dd379ab30063ebfe91d47e1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf1bc673c587f5ef7e9c09b94aea7c5a7847d4d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9b37c8b73f6368e4750e5ccb0632c380b43c6e5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d582e12378bc1637f337622feef762f53c43fd57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e69da8eeab74b4f4505024c38a17bce060fe7df8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef048470c90bc8c1b8318bb2ce329da9ef64b9fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46304","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.053","lastModified":"2026-07-08T14:48:12.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free\n\nnvmet_tcp_release_queue_work() runs on nvmet-wq and can drop the\nfinal controller reference through nvmet_cq_put(). If that triggers\nnvmet_ctrl_free(), the teardown path flushes ctrl->async_event_work on\nthe same nvmet-wq.\n\nCall chain:\n\n nvmet_tcp_schedule_release_queue()\n   kref_put(&queue->kref, nvmet_tcp_release_queue)\n     nvmet_tcp_release_queue()\n       queue_work(nvmet_wq, &queue->release_work) <--- nvmet_wq\n         process_one_work()\n           nvmet_tcp_release_queue_work()\n             nvmet_cq_put(&queue->nvme_cq)\n               nvmet_cq_destroy()\n                 nvmet_ctrl_put(cq->ctrl)\n                   nvmet_ctrl_free()\n                     flush_work(&ctrl->async_event_work) <--- nvmet_wq\n\n                      Previously Scheduled by :-\n\t\t        nvmet_add_async_event\n\t\t          queue_work(nvmet_wq, &ctrl->async_event_work);\n\nThis trips lockdep with a possible recursive locking warning.\n\n[ 5223.015876] run blktests nvme/003 at 2026-04-07 20:53:55\n[ 5223.061801] loop0: detected capacity change from 0 to 2097152\n[ 5223.072206] nvmet: adding nsid 1 to subsystem blktests-subsystem-1\n[ 5223.088368] nvmet_tcp: enabling port 0 (127.0.0.1:4420)\n[ 5223.126086] nvmet: Created discovery controller 1 for subsystem nqn.2014-08.org.nvmexpress.discovery for NQN nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349.\n[ 5223.128453] nvme nvme1: new ctrl: NQN \"nqn.2014-08.org.nvmexpress.discovery\", addr 127.0.0.1:4420, hostnqn: nqn.2014-08.org.nvmexpress:uuid:0f01fb42-9f7f-4856-b0b3-51e60b8de349\n[ 5233.199447] nvme nvme1: Removing ctrl: NQN \"nqn.2014-08.org.nvmexpress.discovery\"\n\n[ 5233.227718] ============================================\n[ 5233.231283] WARNING: possible recursive locking detected\n[ 5233.234696] 7.0.0-rc3nvme+ #20 Tainted: G           O     N\n[ 5233.238434] --------------------------------------------\n[ 5233.241852] kworker/u192:6/2413 is trying to acquire lock:\n[ 5233.245429] ffff888111632548 ((wq_completion)nvmet-wq){+.+.}-{0:0}, at: touch_wq_lockdep_map+0x26/0x90\n[ 5233.251438]\n               but task is already holding lock:\n[ 5233.255254] ffff888111632548 ((wq_completion)nvmet-wq){+.+.}-{0:0}, at: process_one_work+0x5cc/0x6e0\n[ 5233.261125]\n               other info that might help us debug this:\n[ 5233.265333]  Possible unsafe locking scenario:\n\n[ 5233.269217]        CPU0\n[ 5233.270795]        ----\n[ 5233.272436]   lock((wq_completion)nvmet-wq);\n[ 5233.275241]   lock((wq_completion)nvmet-wq);\n[ 5233.278020]\n                *** DEADLOCK ***\n\n[ 5233.281793]  May be due to missing lock nesting notation\n\n[ 5233.286195] 3 locks held by kworker/u192:6/2413:\n[ 5233.289192]  #0: ffff888111632548 ((wq_completion)nvmet-wq){+.+.}-{0:0}, at: process_one_work+0x5cc/0x6e0\n[ 5233.294569]  #1: ffffc9000e2a7e40 ((work_completion)(&queue->release_work)){+.+.}-{0:0}, at: process_one_work+0x1c5/0x6e0\n[ 5233.300128]  #2: ffffffff82d7dc40 (rcu_read_lock){....}-{1:3}, at: __flush_work+0x62/0x530\n[ 5233.304290]\n               stack backtrace:\n[ 5233.306520] CPU: 4 UID: 0 PID: 2413 Comm: kworker/u192:6 Tainted: G           O     N  7.0.0-rc3nvme+ #20 PREEMPT(full)\n[ 5233.306524] Tainted: [O]=OOT_MODULE, [N]=TEST\n[ 5233.306525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.17.0-0-gb52ca86e094d-prebuilt.qemu.org 04/01/2014\n[ 5233.306527] Workqueue: nvmet-wq nvmet_tcp_release_queue_work [nvmet_tcp]\n[ 5233.306532] Call Trace:\n[ 5233.306534]  <TASK>\n[ 5233.306536]  dump_stack_lvl+0x73/0xb0\n[ 5233.306552]  print_deadlock_bug+0x225/0x2f0\n[ 5233.306556]  __lock_acquire+0x13f0/0x2290\n[ 5233.306563]  lock_acquire+0xd0/0x300\n[ 5233.306565]  ? touch_wq_lockdep_map+0x26/0x90\n[ 5233.306571]  ? __flush_work+0x20b/0x530\n[ 5233.306573]  ? touch_wq_lockdep_map+0x26/0x90\n[ 5233.306577]  touch_wq_lockdep_map+0x3b/0x90\n[ 5233.306580]  ? touch_wq_lockdep_map+0x26/0x90\n[ 52\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/nvme/target/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"ae5b0cad163833e10b271e9becc05d81dae56e5f","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"8d66ba89480ff098a58d79003a505f383aa4e920","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"a696fbbd5240b4ac9b166f7bd4c550882ff543f1","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"9a4d7222c0955b221e38bb66d10e6bccb672c8a1","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"ee6e20c4bc9eae542a0954a368449532383169d4","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"781f47d641432c26c19625b2cdd7f40825097592","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"551f445a56a11a6457550cddcf39c9ebb8bcacc6","versionType":"git","status":"affected"},{"version":"06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5","lessThan":"aade8abd8b868b6ffa9697aadaea28ec7f65bee6","versionType":"git","status":"affected"},{"version":"3976dd677e891c0b2c63d08028d445663539472c","versionType":"git","status":"affected"},{"version":"4.9.68","lessThan":"4.10","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/nvme/target/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.68","versionEndExcluding":"4.10","matchCriteriaId":"F852DBF1-7260-4E35-8D25-C8F8EEF895D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.1","versionEndExcluding":"5.10.258","matchCriteriaId":"13B8D12A-AFCB-4D1D-8998-0A1CF5BCAC14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:-:*:*:*:*:*:*","matchCriteriaId":"C201E405-86F2-4F96-984A-00A865219C86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:rc6:*:*:*:*:*:*","matchCriteriaId":"09B6110F-7933-484D-AEAF-5D15FF38647E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:rc7:*:*:*:*:*:*","matchCriteriaId":"75694C52-0ADF-45EC-80AC-D973535B5CB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.10:rc8:*:*:*:*:*:*","matchCriteriaId":"29F29665-6B16-4D9F-A417-D0743395DF01"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/551f445a56a11a6457550cddcf39c9ebb8bcacc6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/781f47d641432c26c19625b2cdd7f40825097592","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d66ba89480ff098a58d79003a505f383aa4e920","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a4d7222c0955b221e38bb66d10e6bccb672c8a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a696fbbd5240b4ac9b166f7bd4c550882ff543f1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aade8abd8b868b6ffa9697aadaea28ec7f65bee6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae5b0cad163833e10b271e9becc05d81dae56e5f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee6e20c4bc9eae542a0954a368449532383169d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46305","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.253","lastModified":"2026-07-08T14:47:58.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc\n\nThe return value of kzalloc_flex() is used without\nensuring that the allocation succeeded, and the\npointer is dereferenced unconditionally.\n\nGuard the access to the allocated structure to\navoid a potential NULL pointer dereference if the\nallocation fails."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/staging/rtl8723bs/os_dep/osdep_service.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"980cd426a25747daf8ed25e2a1904b2d26ffbb3d","lessThan":"0a5f411becfb7c57aa89827213d31ef23a03d75a","versionType":"git","status":"affected"},{"version":"980cd426a25747daf8ed25e2a1904b2d26ffbb3d","lessThan":"bc851db06045a40c18233dd76ef0562d7f8bb6db","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/staging/rtl8723bs/os_dep/osdep_service.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.7","matchCriteriaId":"FD366C5A-E83E-40D3-BB82-BD3DEB7815B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a5f411becfb7c57aa89827213d31ef23a03d75a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc851db06045a40c18233dd76ef0562d7f8bb6db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46306","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.383","lastModified":"2026-07-08T14:47:47.940","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nflow_dissector: do not dissect PPPoE PFC frames\n\nRFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT\nRECOMMENDED for PPPoE. In practice, pppd does not support negotiating\nPFC for PPPoE sessions, and the flow dissector driver has assumed an\nuncompressed frame until the blamed commit.\n\nDuring the review process of that commit [1], support for PFC is\nsuggested. However, having a compressed (1-byte) protocol field means\nthe subsequent PPP payload is shifted by one byte, causing 4-byte\nmisalignment for the network header and an unaligned access exception\non some architectures.\n\nThe exception can be reproduced by sending a PPPoE PFC frame to an\nethernet interface of a MIPS board, with RPS enabled, even if no PPPoE\nsession is active on that interface:\n\n$ 0   : 00000000 80c40000 00000000 85144817\n$ 4   : 00000008 00000100 80a75758 81dc9bb8\n$ 8   : 00000010 8087ae2c 0000003d 00000000\n$12   : 000000e0 00000039 00000000 00000000\n$16   : 85043240 80a75758 81dc9bb8 00006488\n$20   : 0000002f 00000007 85144810 80a70000\n$24   : 81d1bda0 00000000\n$28   : 81dc8000 81dc9aa8 00000000 805ead08\nHi    : 00009d51\nLo    : 2163358a\nepc   : 805e91f0 __skb_flow_dissect+0x1b0/0x1b50\nra    : 805ead08 __skb_get_hash_net+0x74/0x12c\nStatus: 11000403        KERNEL EXL IE\nCause : 40800010 (ExcCode 04)\nBadVA : 85144817\nPrId  : 0001992f (MIPS 1004Kc)\nCall Trace:\n[<805e91f0>] __skb_flow_dissect+0x1b0/0x1b50\n[<805ead08>] __skb_get_hash_net+0x74/0x12c\n[<805ef330>] get_rps_cpu+0x1b8/0x3fc\n[<805fca70>] netif_receive_skb_list_internal+0x324/0x364\n[<805fd120>] napi_complete_done+0x68/0x2a4\n[<8058de5c>] mtk_napi_rx+0x228/0xfec\n[<805fd398>] __napi_poll+0x3c/0x1c4\n[<805fd754>] napi_threaded_poll_loop+0x234/0x29c\n[<805fd848>] napi_threaded_poll+0x8c/0xb0\n[<80053544>] kthread+0x104/0x12c\n[<80002bd8>] ret_from_kernel_thread+0x14/0x1c\n\nCode: 02d51821  1060045b  00000000 <8c640000> 3084000f  2c820005  144001a2  00042080  8e220000\n\nTo reduce the attack surface and maintain performance, do not process\nPPPoE PFC frames.\n\n[1] https://lore.kernel.org/r/20220630231016.GA392@debian.home"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/flow_dissector.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"10f665b52a75df6eb26ddebbbc072ee264183731","lessThan":"e7c811ca372d53c2be7d01a1614e71fae1054836","versionType":"git","status":"affected"},{"version":"d7e541e86122d21f71eb71c5dfa7fb1eb6623fe8","lessThan":"abc5bc84e0f2edc7ea2d437afa6ef3fe1fc43200","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"18ae9eacfc95cc715c0606b2c86e8aa8a86cf3e3","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"db104b0d8a7856397c0469d83a4289adf7c54863","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"6044392d9cace3a3672b02c8bc7d38b502e51734","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"0d00b9015069712944934bab09eaa6c542143049","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"7c93f353eab4ea911e394630f07d72e040a729d8","versionType":"git","status":"affected"},{"version":"46126db9c86110e5fc1e369b9bb89735ddefdae4","lessThan":"d6c19b31a3c1d519fabdcf0aa239e6b6109b9473","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/flow_dissector.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.175","matchCriteriaId":"58CA276A-38F2-4887-9AE9-787C2AF59753"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0d00b9015069712944934bab09eaa6c542143049","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18ae9eacfc95cc715c0606b2c86e8aa8a86cf3e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6044392d9cace3a3672b02c8bc7d38b502e51734","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c93f353eab4ea911e394630f07d72e040a729d8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/abc5bc84e0f2edc7ea2d437afa6ef3fe1fc43200","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6c19b31a3c1d519fabdcf0aa239e6b6109b9473","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db104b0d8a7856397c0469d83a4289adf7c54863","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7c811ca372d53c2be7d01a1614e71fae1054836","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46307","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.547","lastModified":"2026-07-08T14:47:35.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath5k: do not access array OOB\n\nVincent reports:\n> The ath5k driver seems to do an array-index-out-of-bounds access as\n> shown by the UBSAN kernel message:\n> UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath5k/base.c:1741:20\n> index 4 is out of range for type 'ieee80211_tx_rate [4]'\n> ...\n> Call Trace:\n>  <TASK>\n>  dump_stack_lvl+0x5d/0x80\n>  ubsan_epilogue+0x5/0x2b\n>  __ubsan_handle_out_of_bounds.cold+0x46/0x4b\n>  ath5k_tasklet_tx+0x4e0/0x560 [ath5k]\n>  tasklet_action_common+0xb5/0x1c0\n\nIt is real. 'ts->ts_final_idx' can be 3 on 5212, so:\n   info->status.rates[ts->ts_final_idx + 1].idx = -1;\nwith the array defined as:\n   struct ieee80211_tx_rate rates[IEEE80211_TX_MAX_RATES];\nwhile the size is:\n   #define IEEE80211_TX_MAX_RATES  4\nis indeed bogus.\n\nSet this 'idx = -1' sentinel only if the array index is less than the\narray size. As mac80211 will not look at rates beyond the size\n(IEEE80211_TX_MAX_RATES).\n\nNote: The effect of the OOB write is negligible. It just overwrites the\nnext member of info->status, i.e. ack_signal."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/wireless/ath/ath5k/base.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"ecb1c163166759dec004c1fdb9709b8a5992fc8e","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"9dd6aae4bc7bfa11088d928670a3315eae542769","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"744c19e266b0d2628c5951439195dcef27eadacf","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"83226c71af53fb9b3cad40cb9a9a79f36d68c020","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"d6869537013b1f21b292342752d97868b79b5934","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"e9f1081bc775146156def0dbc821b92f35d56afb","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"568173ad9bd0b46cc6cd937dea8791e9b5eefa57","versionType":"git","status":"affected"},{"version":"6d7b97b23e114c8fbb825e6721164d228c1af3fc","lessThan":"d748603f12baff112caa3ab7d39f50100f010dbd","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/wireless/ath/ath5k/base.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.0","status":"affected"},{"version":"0","lessThan":"3.0","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"5.10.258","matchCriteriaId":"ADE9309F-1058-4BD7-8F94-3FE94CF5B8A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/568173ad9bd0b46cc6cd937dea8791e9b5eefa57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/744c19e266b0d2628c5951439195dcef27eadacf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83226c71af53fb9b3cad40cb9a9a79f36d68c020","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9dd6aae4bc7bfa11088d928670a3315eae542769","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d6869537013b1f21b292342752d97868b79b5934","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d748603f12baff112caa3ab7d39f50100f010dbd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e9f1081bc775146156def0dbc821b92f35d56afb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecb1c163166759dec004c1fdb9709b8a5992fc8e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46308","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.707","lastModified":"2026-07-08T14:47:18.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy()\n\nIn scpsys_get_bus_protection_legacy(), of_find_node_with_property()\nreturns a device node with its reference count incremented. The function\nthen calls of_node_put(node) before checking whether\nsyscon_regmap_lookup_by_phandle() returns an error. If an error occurs,\ndev_err_probe() dereferences the node pointer to print diagnostic\ninformation, but the node memory may have already been freed due to the\nearlier of_node_put(), leading to a use-after-free vulnerability.\n\nFix this by moving the of_node_put() call after the error check, ensuring\nthe node is still valid when accessed in the error path."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/pmdomain/mediatek/mtk-pm-domains.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c29345fa5f66bea0790cf2219f57b974d4fc177b","lessThan":"cb27e43c0511e9e1ca8818d231656070b11c18cf","versionType":"git","status":"affected"},{"version":"c29345fa5f66bea0790cf2219f57b974d4fc177b","lessThan":"38d8410021b55d226847b2ac8d189d89fe5a8866","versionType":"git","status":"affected"},{"version":"c29345fa5f66bea0790cf2219f57b974d4fc177b","lessThan":"ec1fcddb3117d9452210e838fd37389ee61e10e8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/pmdomain/mediatek/mtk-pm-domains.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.30","matchCriteriaId":"9EB9FADE-E22F-41C2-9790-4F5564D59E62"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/38d8410021b55d226847b2ac8d189d89fe5a8866","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb27e43c0511e9e1ca8818d231656070b11c18cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec1fcddb3117d9452210e838fd37389ee61e10e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46309","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.820","lastModified":"2026-07-08T14:52:28.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise\n\nAdd validation in xe_vm_madvise_ioctl() to reject PAT indices with\nXE_COH_NONE coherency mode when applied to CPU cached memory.\n\nUsing coh_none with CPU cached buffers is a security issue. When the\nkernel clears pages before reallocation, the clear operation stays in\nCPU cache (dirty). GPU with coh_none can bypass CPU caches and read\nstale sensitive data directly from DRAM, potentially leaking data from\npreviously freed pages of other processes.\n\nThis aligns with the existing validation in vm_bind path\n(xe_vm_bind_ioctl_validate_bo).\n\nv2(Matthew brost)\n- Add fixes\n- Move one debug print to better place\n\nv3(Matthew Auld)\n- Should be drm/xe/uapi\n- More Cc\n\nv4(Shuicheng Lin)\n- Fix kmem leak issues by the way\n\nv5\n- Remove kmem leak because it has been merged by another patch\n\nv6\n- Remove the fix which is not related to current fix\n\nv7\n- No change\n\nv8\n- Rebase\n\nv9\n- Limit the restrictions to iGPU\n\nv10\n- No change\n\n(cherry picked from commit 016ccdb674b8c899940b3944952c96a6a490d10a)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/xe/xe_vm_madvise.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ada7486c5668db542a7d361268df931aca5b726a","lessThan":"87f9b1528e1ffc1da3615d552c9a06aba5e20b00","versionType":"git","status":"affected"},{"version":"ada7486c5668db542a7d361268df931aca5b726a","lessThan":"fea04cf6f2345bc50f15b6638906c35962b89424","versionType":"git","status":"affected"},{"version":"ada7486c5668db542a7d361268df931aca5b726a","lessThan":"4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/xe/xe_vm_madvise.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18","status":"affected"},{"version":"0","lessThan":"6.18","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-524"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18","versionEndExcluding":"6.18.32","matchCriteriaId":"C29FBB84-11C5-4598-8812-17C64D98F7F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4e5591c2fc1b30f4ea5e2eab4c3a695acc404e39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87f9b1528e1ffc1da3615d552c9a06aba5e20b00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fea04cf6f2345bc50f15b6638906c35962b89424","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-46309","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486468","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46309.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46310","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:49.943","lastModified":"2026-07-08T14:51:33.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: renesas: vsp1: Fix NULL pointer deref on module unload\n\nWhen unloading the module on gen 4, we hit a NULL pointer dereference.\nThis is caused by the cleanup code calling vsp1_drm_cleanup() where it\nshould be calling vsp1_vspx_cleanup().\n\nFix this by checking the IP version and calling the drm or vspx function\naccordingly, the same way as the init code does."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/platform/renesas/vsp1/vsp1_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d06c1a9f348d22478c6bc5684f9c990e15ada1e9","lessThan":"bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98","versionType":"git","status":"affected"},{"version":"d06c1a9f348d22478c6bc5684f9c990e15ada1e9","lessThan":"c4bb1515b26663e5230603892e67f2cc7df9f0ca","versionType":"git","status":"affected"},{"version":"d06c1a9f348d22478c6bc5684f9c990e15ada1e9","lessThan":"58b1e9664d8f74d55d8411cc7a7b275a76a6f24f","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/platform/renesas/vsp1/vsp1_drv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.32","matchCriteriaId":"AB70B664-FBEC-44D2-8EE3-2EC62F0006A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/58b1e9664d8f74d55d8411cc7a7b275a76a6f24f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfb2081ba00afbbd15a5ed1ed1acdc3edeea5a98","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4bb1515b26663e5230603892e67f2cc7df9f0ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46311","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.053","lastModified":"2026-07-08T14:51:25.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu/userq: fix access to stale wptr mapping\n\nUse drm_exec to take both locks i.e vm root bo and\nwptr_obj bo to access the mapping data properly.\n\nThis fixes the security issue of unmap the wptr_obj while\na queue creation is in progress and passing other\nbo at same address.\n\n(cherry picked from commit 1fc6c8ab45dbee096469c08c13f6099d57a52d6c)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdgpu/mes_userqueue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5fb2f7fc21a3668e5794cc0d153641b9719713e1","lessThan":"336a9186f3a4b65bbd865d93936605ac8a1a3991","versionType":"git","status":"affected"},{"version":"5fb2f7fc21a3668e5794cc0d153641b9719713e1","lessThan":"6da7b1242da4455b11c24ce667d1cab1a348c8ea","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdgpu/mes_userqueue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"7.0.9","matchCriteriaId":"55FA23CC-1F5B-49A6-AE4B-FA3DF99F72EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/336a9186f3a4b65bbd865d93936605ac8a1a3991","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6da7b1242da4455b11c24ce667d1cab1a348c8ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46312","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.160","lastModified":"2026-07-08T14:51:14.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: videobuf2: Set vma_flags in vb2_dma_sg_mmap\n\nvb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not\nsee a reason why vb2_dma_sg should behave differently. This avoids\nhitting `WARN_ON(!(vma->vm_flags & VM_DONTEXPAND));` in\ndrm_gem_mmap_obj() during mmap() of an imported dma-buf from the out of\ntree Apple ISP camera capture driver which uses vb2_dma_sg_memops.\n\ngst-launch-1.0 v4l2src ! gtk4paintablesink\n\n[   38.201528] ------------[ cut here ]------------\n[   38.202135] WARNING: CPU: 7 PID: 2362 at drivers/gpu/drm/drm_gem.c:1144 drm_gem_mmap_obj+0x1f8/0x210\n[   38.203278] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer\nsnd_seq snd_seq_device uinput nf_conntrack_netbios_ns\nnf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat\nnf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables qrtr bnep\nnls_ascii i2c_dev loop fuse dm_multipath nfnetlink brcmfmac_wcc\nhid_magicmouse hci_bcm4377 brcmfmac brcmutil bluetooth ecdh_generic\ncfg80211 ecc btrfs xor xor_neon rfkill hid_apple raid6_pq joydev\naop_als apple_nvmem_spmi industrialio snd_soc_aop apple_z2\nsnd_soc_cs42l84 tps6598x snd_soc_tas2764 macsmc_reboot spi_nor\nmacsmc_hwmon rtc_macsmc gpio_macsmc macsmc_power regmap_spmi\nmacsmc_input dockchannel_hid panel_summit appledrm nvme_apple dwc3\nsnd_soc_macaudio drm_client_lib nvme_core phy_apple_atc hwmon\napple_sart apple_dockchannel macsmc apple_rtkit_helper\nspmi_apple_controller aop apple_wdt mfd_core nvmem_apple_efuses\npinctrl_apple_gpio apple_isp apple_dcp videobuf2_dma_sg mux_core\nspi_apple\n[   38.203300]  videobuf2_memops i2c_pasemi_platform snd_soc_apple_mca videobuf2_v4l2 videodev clk_apple_nco videobuf2_common snd_pcm_dmaengine adpdrm asahi apple_admac adpdrm_mipi drm_dma_helper pwm_apple i2c_pasemi_core drm_display_helper mc cec apple_dart ofpart apple_soc_cpufreq leds_pwm phram\n[   38.217677] CPU: 7 UID: 1000 PID: 2362 Comm: gst-launch-1.0 Tainted: G        W           6.17.6+ #asahi-dev PREEMPT(full)\n[   38.219040] Tainted: [W]=WARN\n[   38.219398] Hardware name: Apple MacBook Pro (13-inch, M2, 2022) (DT)\n[   38.220213] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   38.221088] pc : drm_gem_mmap_obj+0x1f8/0x210\n[   38.221643] lr : drm_gem_mmap_obj+0x78/0x210\n[   38.222178] sp : ffffc0008dc678e0\n[   38.222579] x29: ffffc0008dc678e0 x28: 0000000000042a97 x27: ffff8000b701b480\n[   38.223465] x26: 00000000000000fb x25: ffffc0008dc67d20 x24: ffffc0008dc67968\n[   38.224402] x23: ffff8000e3ca5600 x22: ffff8000265b7800 x21: ffff80003000c0c0\n[   38.225279] x20: 0000000000000000 x19: ffff8000b68c5200 x18: ffffc0008dc67968\n[   38.226151] x17: 0000000000000000 x16: 0000000000000000 x15: ffffc000810a30a8\n[   38.227042] x14: 00007fff637effff x13: 00005555de91ffff x12: 00007fff63293fff\n[   38.227942] x11: 0000000000000000 x10: ffff8000184ecf08 x9 : ffffc0007a1900c8\n[   38.228824] x8 : ffffc0008dc67968 x7 : 0000000000000012 x6 : ffffc0015cf1c000\n[   38.229703] x5 : ffffc0008dc676a0 x4 : ffffc00081a27dc0 x3 : 0000000000000038\n[   38.230607] x2 : 0000000000000003 x1 : 0000000000000003 x0 : 00000000100000fb\n[   38.231488] Call trace:\n[   38.231806]  drm_gem_mmap_obj+0x1f8/0x210 (P)\n[   38.232342]  drm_gem_mmap+0x140/0x260\n[   38.232813]  __mmap_region+0x488/0x9a0\n[   38.233277]  mmap_region+0xd0/0x148\n[   38.233703]  do_mmap+0x350/0x5c0\n[   38.234148]  vm_mmap_pgoff+0x14c/0x200\n[   38.234612]  ksys_mmap_pgoff+0x150/0x208\n[   38.235107]  __arm64_sys_mmap+0x34/0x50\n[   38.235611]  invoke_syscall+0x50/0x120\n[   38.236075]  el0_svc_common.constprop.0+0x48/0xf0\n[   38.236680]  do_el0_svc+0x24/0x38\n[   38.237113]  el0_svc+0x38/0x168\n[   38.237507]  el0t_64_sync_handler+0xa0/0xe8\n[   38.238034]  el0t_64_sync+0x198/0x1a0\n[   38.238491] ---[ end trace 0000000000000000 ]---\n\nThere were discussions in [1] at the end of 2023 that mmap() on imported\n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/common/videobuf2/videobuf2-dma-sg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"feb17524aa4ec337749344be0db52b88663e25ab","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"1a1360264f699521e001e7739009ee3ee3c6a4f5","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"21fade52ab9fb13368a5709e60b0d9909197aeae","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"b4cf91658a636618f1437beec971dec25dec28eb","versionType":"git","status":"affected"},{"version":"5ba3f757f0592ca001266b4a6214d0332349909c","lessThan":"7254b31a13aaa0c2c0f9ffbc335b718656117ff4","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/common/videobuf2/videobuf2-dma-sg.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.39","status":"affected"},{"version":"0","lessThan":"2.6.39","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.90","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.39","versionEndExcluding":"6.6.140","matchCriteriaId":"CAC2E7BE-0901-4354-9F17-4B2D83360D14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.90","matchCriteriaId":"3BAAA2BE-6EEC-45D5-AD66-50F63CA20483"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.32","matchCriteriaId":"CB9F1FA8-6D5E-42B1-9877-57BACFE5C886"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a1360264f699521e001e7739009ee3ee3c6a4f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/21fade52ab9fb13368a5709e60b0d9909197aeae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7254b31a13aaa0c2c0f9ffbc335b718656117ff4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b4cf91658a636618f1437beec971dec25dec28eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/feb17524aa4ec337749344be0db52b88663e25ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46313","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.317","lastModified":"2026-07-08T14:51:05.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: intel/ipu6: fix error pointer dereference\n\nIn a error path isp->psys is confirmed to be an error pointer not NULL so\nthis condition is true and the error pointer is dereferenced. So isp-psys\nshould be set to NULL before going to out_ipu6_bus_del_devices.\n\nDetected by Smatch:\ndrivers/media/pci/intel/ipu6/ipu6.c:690 ipu6_pci_probe() error:\n'isp->psys' dereferencing possible ERR_PTR()\n\n[Sakari Ailus: Fix commit message.]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/media/pci/intel/ipu6/ipu6.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"fad134c446189e9bb48cea1a5ca426d2889a9c71","versionType":"git","status":"affected"},{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"f43e30646fc93799f3f48530d0ccbd52902c0541","versionType":"git","status":"affected"},{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"c352f90e093ae49902e47f41579e1aa41899ff64","versionType":"git","status":"affected"},{"version":"25fedc021985a66a357a599ab771d6b495b6f78c","lessThan":"8dd088b8b106f7b119664f965b691785998edcfb","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/media/pci/intel/ipu6/ipu6.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.12.90","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.32","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.90","matchCriteriaId":"45E7C926-2B7A-4779-8663-0E6229DF2929"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.32","matchCriteriaId":"CB9F1FA8-6D5E-42B1-9877-57BACFE5C886"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8dd088b8b106f7b119664f965b691785998edcfb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c352f90e093ae49902e47f41579e1aa41899ff64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f43e30646fc93799f3f48530d0ccbd52902c0541","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fad134c446189e9bb48cea1a5ca426d2889a9c71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46314","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-08T17:16:50.430","lastModified":"2026-07-08T14:50:58.003","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/v3d: Reject empty multisync extension to prevent infinite loop\n\nv3d_get_extensions() walks a userspace-provided singly-linked list of\nioctl extensions without any bound on the chain length. A local user\ncan craft a self-referential extension (ext->next == &ext) with zero\nin_sync_count and out_sync_count, which bypasses the existing duplicate-\nextension guard:\n\n    if (se->in_sync_count || se->out_sync_count)\n            return -EINVAL;\n\nThe guard never fires because v3d_get_multisync_post_deps() returns\nimmediately when count is zero, leaving both fields at zero on every\niteration. The result is an infinite loop in kernel context, blocking\nthe calling thread and pegging a CPU core indefinitely.\n\nFix this by rejecting a multisync extension where both in_sync_count\nand out_sync_count are zero in v3d_get_multisync_submit_deps(). An\nempty multisync carries no synchronization information and serves no\nuseful purpose, so returning -EINVAL for such an extension is the\ncorrect defense against this attack vector."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/v3d/v3d_submit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"309abbddeca0c12714721928a819ef45e5710998","versionType":"git","status":"affected"},{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"4fa42a249e8cd6ed17aea04e5695b6e9001f2433","versionType":"git","status":"affected"},{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"9c5164781cb388d219d8f49fa0f0b04cf86ad544","versionType":"git","status":"affected"},{"version":"e4165ae8304e5ea822fbe5909dd3be5445c058b7","lessThan":"fb44d589bf3148e13452185a6e772a7efbf2d684","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/v3d/v3d_submit.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.9","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.18.33","matchCriteriaId":"EDD8915F-95A2-4775-95AB-A1723BAAF160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.9","matchCriteriaId":"33ACA10B-B260-46EA-BD50-70EBE5097672"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/309abbddeca0c12714721928a819ef45e5710998","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fa42a249e8cd6ed17aea04e5695b6e9001f2433","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9c5164781cb388d219d8f49fa0f0b04cf86ad544","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb44d589bf3148e13452185a6e772a7efbf2d684","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-5067","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-09T06:16:53.920","lastModified":"2026-07-08T13:27:22.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when the input length reaches the buffer size. During upgrade handling the buffer is copied to a local stack buffer and passed to strlen(); if no NUL exists in-bounds, strlen() reads beyond the stack buffer and subsequent concatenation with the WebSocket magic string can write out of bounds. This leads to out-of-bounds read and write on stack memory, resulting in crash (denial of service) and potentially code execution. The path is reachable when CONFIG_HTTP_SERVER_WEBSOCKET is enabled."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"3.7.0","lessThanOrEqual":"4.3.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:11:48.752906Z","id":"CVE-2026-5067","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-170"},{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndIncluding":"4.3.0","matchCriteriaId":"D6DCCDB1-3B65-4C26-8AE2-05613439A5BF"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-wgr4-9pwq-94vj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-5068","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-06-09T08:16:29.073","lastModified":"2026-07-08T13:25:38.863","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf) and the chosen RX pool has a user_data_size smaller than 2 bytes, the segmentation counter stored in the net_buf user_data area is written out of bounds in l2cap_chan_le_recv_seg (subsys/bluetooth/host/l2cap.c). The observed effects are an AddressSanitizer abort and, without ASan, heap corruption / fatal error."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject-rtos","product":"Zephyr","defaultStatus":"unaffected","packageName":"Zephyr","repo":"https://github.com/zephyrproject-rtos/zephyr","versions":[{"version":"1.14.0","lessThanOrEqual":"4.3.0","versionType":"git","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T13:10:35.371642Z","id":"CVE-2026-5068","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.0","matchCriteriaId":"564F6A70-E4D2-48E8-8A18-1B0A22ECFD24"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qrcq-hxwj-mqxm","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46315","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T09:16:30.330","lastModified":"2026-07-08T14:50:49.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/waitid: clear waitid info before copying it to userspace\n\nIORING_OP_WAITID stores its result fields in struct io_waitid::info and\nlater copies them to userspace siginfo. The prep path initializes the\nrequest arguments, but it does not initialize info itself.\n\nIf the wait operation completes without reporting a child event, the common\nwait code can return without writing wo_info. In that case io_waitid_finish()\nstill copies iw->info to userspace, exposing stale bytes from the reused\nio_kiocb command storage.\n\nClear the result storage during prep so the io_uring path matches the\nregular waitid syscall, which uses a zero-initialized struct waitid_info."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["io_uring/waitid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"954518e5a4a5efc5033253f6e36fc7b9f98363a3","versionType":"git","status":"affected"},{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"b737c6612c60c23b40a9f31749b99e6f61943847","versionType":"git","status":"affected"},{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"4d2a0de611ab60d02fc768ae0cd5918b16bd5474","versionType":"git","status":"affected"},{"version":"f31ecf671ddc498f20219453395794ff2383e06b","lessThan":"93d93f5f8da791e98159795c6ef683f45bd95d13","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["io_uring/waitid.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4d2a0de611ab60d02fc768ae0cd5918b16bd5474","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/93d93f5f8da791e98159795c6ef683f45bd95d13","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/954518e5a4a5efc5033253f6e36fc7b9f98363a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b737c6612c60c23b40a9f31749b99e6f61943847","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-10263","sourceIdentifier":"arm-security@arm.com","published":"2026-06-09T10:16:33.003","lastModified":"2026-07-08T13:16:24.490","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level."}],"affected":[{"source":"arm-security@arm.com","affectedData":[{"vendor":"Arm","product":"C1-Ultra","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"C1-Premium","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse V3","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse V3AE","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse V1","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse N2","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Neoverse N1","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X925","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X4","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X3","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X2","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X1","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-X1C","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A710","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A78","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A78AE","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A78C","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A77","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A76","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]},{"vendor":"Arm","product":"Cortex-A76AE","defaultStatus":"unaffected","versions":[{"version":"0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CRB (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux NFV (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux RT (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for NVIDIA 26","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T14:11:21.775441Z","id":"CVE-2025-10263","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"arm-security@arm.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"references":[{"url":"https://developer.arm.com/documentation/112137","source":"arm-security@arm.com"},{"url":"http://www.openwall.com/lists/oss-security/2026/06/09/13","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-493.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2026:34911","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36348","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36349","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2025-10263","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2486958","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10263.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46317","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.000","lastModified":"2026-07-08T14:50:10.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Reassign nested_mmus array behind mmu_lock\n\nkvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the\nMMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which\ncan run at any time. kvm_vcpu_init_nested() reallocates the array and frees\nthe old buffer while holding only kvm->arch.config_lock, so such a walker\ncan reference the freed array.\n\nAllocate the new array outside of mmu_lock, as the allocation can sleep.\nUnder the lock, copy the existing entries, fix up the back pointers and\nreassign the array. Free the old buffer after dropping the lock, as\nkvfree() can sleep as well."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["arch/arm64/kvm/nested.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4f128f8e1aaac189f83d0f828bcdb2986d8d2e51","lessThan":"918450ad6010df6ecd2efde12a1409e011da22d6","versionType":"git","status":"affected"},{"version":"4f128f8e1aaac189f83d0f828bcdb2986d8d2e51","lessThan":"4424dbcb06d68e34e51c019a5781a7dc00731971","versionType":"git","status":"affected"},{"version":"4f128f8e1aaac189f83d0f828bcdb2986d8d2e51","lessThan":"70543358fa08e0f7cebc3447c3b70fe97ad7aaa8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["arch/arm64/kvm/nested.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11","versionEndExcluding":"6.18.35","matchCriteriaId":"CB828803-5FA4-4A1C-A77D-0A10A2BAFDC6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4424dbcb06d68e34e51c019a5781a7dc00731971","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70543358fa08e0f7cebc3447c3b70fe97ad7aaa8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/918450ad6010df6ecd2efde12a1409e011da22d6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46318","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.107","lastModified":"2026-07-08T14:49:56.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/hugetlbfs: update hugetlbfs to use mmap_prepare\"\n\nThis reverts commit ea52cb24cd3f (\"mm/hugetlbfs: update hugetlbfs to use\nmmap_prepare\") with conflict resolution to account for changes in commit\nea52cb24cd3f (\"mm/hugetlbfs: update hugetlbfs to use mmap_prepare\").\n\nThe patch incorrectly handled hugetlb VMA lock allocation at the\nmmap_prepare stage, where a failed allocation occurring after mmap_prepare\nis called might result in the lock leaking.\n\nThere is no risk of a merge causing a similar issues, as\nVMA_DONTEXPAND_BIT is set for hugetlb mappings.\n\nAs a first step in addressing this issue, simply revert the change so we\ncan rework how we do this having corrected the underlying issues.\n\nWe maintain the VMA flags changes as best we can, accounting for the fact\nthat we were working with a VMA descriptor previously and propagating\nlike-for-like changes for this.\n\nNote that we invoke vma_set_flags() and do not call vma_start_write() as\nvm_flags_set() does.  This is OK as it's being done in an .mmap hook where\nthe VMA is not yet linked into the tree so nobody else can be accessing\nit."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/hugetlbfs/inode.c","include/linux/hugetlb.h","include/linux/hugetlb_inline.h","mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ea52cb24cd3fb121283754ab82b2cb3044609359","lessThan":"3af5fc3f0ac98c624c109c8c0796fa46e814344c","versionType":"git","status":"affected"},{"version":"ea52cb24cd3fb121283754ab82b2cb3044609359","lessThan":"83f9efcce93f8574be2279090ee2aec58b86cda7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/hugetlbfs/inode.c","include/linux/hugetlb.h","include/linux/hugetlb_inline.h","mm/hugetlb.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.19","status":"affected"},{"version":"0","lessThan":"6.19","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3af5fc3f0ac98c624c109c8c0796fa46e814344c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83f9efcce93f8574be2279090ee2aec58b86cda7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46320","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.373","lastModified":"2026-07-08T16:27:27.703","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntap: free page on error paths in tap_get_user_xdp()\n\ntap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL,\nand returns -ENOMEM when build_skb() fails. Both paths jump to the err\nlabel without freeing the page that vhost_net_build_xdp() allocated for\nthe frame. tap_sendmsg() discards the per-buffer return value and always\nreturns 0, so vhost_tx_batch() takes the success path and never frees\nthe page; each rejected frame in a batch leaks one page-frag chunk.\n\nFree the page on both error paths, before the skb is built. This is the\ntap counterpart of the same leak in tun_xdp_one()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/tap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"8d03e65eb6cfbffec471a6b65416f93679bf3286","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"f979971835dddbca86cf99e3b2e2b94a408a1ab2","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"3f52a86a482a69294c50a5a2a097bd6f4104990a","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"d30aac0fa00ca0afc3e08174cf7f974a66bdcf05","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"d68eab61944a9b0826fa2e954e42db1aa3201b7a","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"e27c17346628cb56843a83f93ac63c314c00f388","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"18a84c35842e19cd3c5534d8cee73d31863f696d","versionType":"git","status":"affected"},{"version":"0efac27791ee068075d80f07c55a229b1335ce12","lessThan":"3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/tap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.259","matchCriteriaId":"E9DE7899-6954-4BE5-89B6-A96342AF8401"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18a84c35842e19cd3c5534d8cee73d31863f696d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3f52a86a482a69294c50a5a2a097bd6f4104990a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d03e65eb6cfbffec471a6b65416f93679bf3286","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d30aac0fa00ca0afc3e08174cf7f974a66bdcf05","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d68eab61944a9b0826fa2e954e42db1aa3201b7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e27c17346628cb56843a83f93ac63c314c00f388","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f979971835dddbca86cf99e3b2e2b94a408a1ab2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46321","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.473","lastModified":"2026-07-08T16:23:55.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntun: free page on short-frame rejection in tun_xdp_one()\n\ntun_xdp_one() returns -EINVAL on a frame shorter than ETH_HLEN without\nfreeing the page that vhost_net_build_xdp() allocated for it.\ntun_sendmsg() discards that -EINVAL and still returns total_len, so\nvhost_tx_batch() takes the success path and never frees the page; each\nshort frame in a batch leaks one page-frag chunk.\n\nA local process that can open /dev/net/tun and /dev/vhost-net can hit\nthis path: it attaches a tun/tap device as the vhost-net backend and\nfeeds TX descriptors whose length minus the virtio-net header is below\nETH_HLEN. Each kick leaks the page-frag chunks for that batch, and a\ntight submission loop exhausts host memory and triggers an OOM panic.\nFree the page before returning -EINVAL, matching the XDP-program error\npath in the same function."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/tun.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6100e0237204890269e3f934acfc50d35fd6f319","lessThan":"0a6f46a9332ad6958992d64d3b3a81a80b2ca940","versionType":"git","status":"affected"},{"version":"589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2","lessThan":"0e8211fcf9426f5adddf32516ba0f400ceb9544d","versionType":"git","status":"affected"},{"version":"ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146","lessThan":"e915445942af6dcea628bf66d6241641201a0c41","versionType":"git","status":"affected"},{"version":"d5ad89b7d01ed4e66fd04734fc63d6e78536692a","lessThan":"5b34f9e4fe2f203724a6e893d6df0316b9670057","versionType":"git","status":"affected"},{"version":"049584807f1d797fc3078b68035450a9769eb5c3","lessThan":"69863ff2720a0e9871f1a5710f2a33a94217fee0","versionType":"git","status":"affected"},{"version":"049584807f1d797fc3078b68035450a9769eb5c3","lessThan":"37a1c268c2c8090bf4dc552d732bd23ba36f8eb0","versionType":"git","status":"affected"},{"version":"049584807f1d797fc3078b68035450a9769eb5c3","lessThan":"98c67be9eb9de72465a071949e84a3cdb8fab5a3","versionType":"git","status":"affected"},{"version":"049584807f1d797fc3078b68035450a9769eb5c3","lessThan":"f4feb1e20058e407cb00f45aff47f5b7e19a6bbf","versionType":"git","status":"affected"},{"version":"32b0aaba5dbc85816898167d9b5d45a22eae82e9","versionType":"git","status":"affected"},{"version":"a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb","versionType":"git","status":"affected"},{"version":"8418f55302fa1d2eeb73e16e345167e545c598a5","versionType":"git","status":"affected"},{"version":"5.10.223","lessThan":"5.10.259","versionType":"semver","status":"affected"},{"version":"5.15.164","lessThan":"5.15.210","versionType":"semver","status":"affected"},{"version":"6.1.102","lessThan":"6.1.176","versionType":"semver","status":"affected"},{"version":"6.6.43","lessThan":"6.6.143","versionType":"semver","status":"affected"},{"version":"5.4.281","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"6.9.12","lessThan":"6.10","versionType":"semver","status":"affected"},{"version":"6.10.2","lessThan":"6.11","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/tun.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.11","status":"affected"},{"version":"0","lessThan":"6.11","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.281","versionEndExcluding":"5.5","matchCriteriaId":"9247B8C6-D97A-4CCC-B960-AFD2F536EFC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.223","versionEndExcluding":"5.10.259","matchCriteriaId":"F8D8E517-E90E-4A05-B563-DF7F717264E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.164","versionEndExcluding":"5.15.210","matchCriteriaId":"4C7A70B4-6094-4392-99CE-5713E2A31596"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.102","versionEndExcluding":"6.1.176","matchCriteriaId":"650D4114-2C4E-4BF7-8AB9-4CC4104FEC16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.43","versionEndExcluding":"6.6.143","matchCriteriaId":"5AF81631-4260-4438-AE5B-61C04CA0BAA0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9.12","versionEndExcluding":"6.10","matchCriteriaId":"1FA62583-78C1-42CE-900B-6D2B268EAED2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10.2","versionEndExcluding":"6.12.93","matchCriteriaId":"DAD5D9AB-C0E6-44DF-8475-306495552E60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.35","matchCriteriaId":"0FCCB23A-7629-4386-93B6-B119237C4382"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0a6f46a9332ad6958992d64d3b3a81a80b2ca940","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0e8211fcf9426f5adddf32516ba0f400ceb9544d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37a1c268c2c8090bf4dc552d732bd23ba36f8eb0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5b34f9e4fe2f203724a6e893d6df0316b9670057","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/69863ff2720a0e9871f1a5710f2a33a94217fee0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/98c67be9eb9de72465a071949e84a3cdb8fab5a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e915445942af6dcea628bf66d6241641201a0c41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f4feb1e20058e407cb00f45aff47f5b7e19a6bbf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46322","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.603","lastModified":"2026-07-08T16:07:40.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntun: free page on build_skb failure in tun_xdp_one()\n\nWhen build_skb() fails in tun_xdp_one(), the function sets ret to\n-ENOMEM and jumps to the out label, which returns without freeing the\npage that vhost_net_build_xdp() allocated for the frame. As with the\nshort-frame rejection path, tun_sendmsg() discards the per-buffer error\nand still returns total_len, so vhost_tx_batch() takes the success path\nand never frees the page. Each build_skb() failure in a batch leaks one\npage-frag chunk.\n\nFree the page before taking the error path, matching the put_page() the\nother error exits of tun_xdp_one() already perform."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/tun.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"26fe549b5192536b6c1c68a2dfdc8c0dcf9fa4a9","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"793385c154771603b8671dd8338927221e9d8d78","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"2638a9c1521905bb5c5d1e95c8fbc09f79148ed7","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"60d9c0d6cdde5420d6483c921b16fe5465eb5238","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"d16e38fac09a47bfcf98c1ad65a1bb53f94540f5","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"aa308e9dbb9acb17cacdbbce9e4504f69bac8385","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"4fefc6156a162a9f50035c12091a5e5130c82c6e","versionType":"git","status":"affected"},{"version":"043d222f93ab8c76b56a3b315cd8692e35affb6c","lessThan":"aa8963fdce667a42fb7f0bdd2909fadcab02f9a8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/tun.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.20","status":"affected"},{"version":"0","lessThan":"4.20","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":4.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.10.259","matchCriteriaId":"E9DE7899-6954-4BE5-89B6-A96342AF8401"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.35","matchCriteriaId":"0FCCB23A-7629-4386-93B6-B119237C4382"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2638a9c1521905bb5c5d1e95c8fbc09f79148ed7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/26fe549b5192536b6c1c68a2dfdc8c0dcf9fa4a9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fefc6156a162a9f50035c12091a5e5130c82c6e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/60d9c0d6cdde5420d6483c921b16fe5465eb5238","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/793385c154771603b8671dd8338927221e9d8d78","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa308e9dbb9acb17cacdbbce9e4504f69bac8385","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d16e38fac09a47bfcf98c1ad65a1bb53f94540f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46323","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.753","lastModified":"2026-07-08T16:01:33.167","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don't merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn't hold a reference\non the pages in shinfo->frags. Appending those frags to another skb's\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don't merge the skbs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/gro.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"753f1ca4e1e50248a1b760c9774d6d6b354562cc","lessThan":"3c6cc9f2ca65b6dd61b1af75452dc0e1cd0aad8d","versionType":"git","status":"affected"},{"version":"753f1ca4e1e50248a1b760c9774d6d6b354562cc","lessThan":"1f9c828556416fbe3f49386708ce999fc4d4da06","versionType":"git","status":"affected"},{"version":"753f1ca4e1e50248a1b760c9774d6d6b354562cc","lessThan":"479084ae0e1d9cb7929cb4298d35623de189f80a","versionType":"git","status":"affected"},{"version":"753f1ca4e1e50248a1b760c9774d6d6b354562cc","lessThan":"e334cbf3388fd9334503a778a82d9e9f14dd2f71","versionType":"git","status":"affected"},{"version":"753f1ca4e1e50248a1b760c9774d6d6b354562cc","lessThan":"44bea2032af0425e4ce6d26a8af0ede79db49ec1","versionType":"git","status":"affected"},{"version":"753f1ca4e1e50248a1b760c9774d6d6b354562cc","lessThan":"4db79a322db8c97f7b73b8a347395ef4d685eb40","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/gro.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:9.4::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus:9.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::crb"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time for NFV (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::nfv"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time E4S (v.9.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.4::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Real Time (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::realtime"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for NVIDIA 26","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-123"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.1.176","matchCriteriaId":"8D193E9E-2E9B-468E-B920-AD1EA1BA82C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1f9c828556416fbe3f49386708ce999fc4d4da06","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3c6cc9f2ca65b6dd61b1af75452dc0e1cd0aad8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/44bea2032af0425e4ce6d26a8af0ede79db49ec1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/479084ae0e1d9cb7929cb4298d35623de189f80a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4db79a322db8c97f7b73b8a347395ef4d685eb40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e334cbf3388fd9334503a778a82d9e9f14dd2f71","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/errata/RHSA-2026:27708","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:27731","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:27735","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:36018","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-46323","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479832","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46323.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46324","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T13:16:37.893","lastModified":"2026-07-08T16:01:14.897","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: use list_del_rcu for netlink hooks\n\nnft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need\nto use list_del_rcu(), this list can be walked by concurrent dumpers.\n\nAdd a new helper and use it consistently."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nf_tables_api.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f9a43007d3f7ba76d5e7f9421094f00f2ef202f8","lessThan":"0bd93ce4f3c35e845532184331d7917d7e562c80","versionType":"git","status":"affected"},{"version":"f9a43007d3f7ba76d5e7f9421094f00f2ef202f8","lessThan":"0f33e8ad6ac563ae2233dd7f75884e0ee010521d","versionType":"git","status":"affected"},{"version":"f9a43007d3f7ba76d5e7f9421094f00f2ef202f8","lessThan":"f3224ee463f8f6f6ced7dcdf6081add4f8128527","versionType":"git","status":"affected"},{"version":"c73955a09408e7374d9abfd0e78ce3de9cda0635","versionType":"git","status":"affected"},{"version":"b09e6ccf0d12f9356e8e3508d3e3dce126298538","versionType":"git","status":"affected"},{"version":"3fac8ce48fa9fd61ee9056d3ed48b2edefca8b82","versionType":"git","status":"affected"},{"version":"9c413a8c8bb49cc16796371805ecb260e885bb2b","versionType":"git","status":"affected"},{"version":"a3940dcf552f2393d1e8f263b386593f98abe829","versionType":"git","status":"affected"},{"version":"86c0154f4c3a56c5db8b9dd09e3ce885382c2c19","versionType":"git","status":"affected"},{"version":"4.19.316","lessThan":"4.20","versionType":"semver","status":"affected"},{"version":"5.4.262","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.10.198","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.15.45","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"5.17.13","lessThan":"5.18","versionType":"semver","status":"affected"},{"version":"5.18.2","lessThan":"5.19","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nf_tables_api.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.316","versionEndExcluding":"4.20","matchCriteriaId":"76EC9BF9-9775-4D90-B594-4C2AB71E1F86"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.262","versionEndExcluding":"5.5","matchCriteriaId":"5CE7F771-8144-4AEC-B6E3-5F4830BD8EB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.198","versionEndExcluding":"5.11","matchCriteriaId":"A20D6F0B-10EA-4D52-B766-E4BFA489BA15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.45","versionEndExcluding":"5.16","matchCriteriaId":"32E6E5DC-4DF1-444A-A2F8-9AB9B8BBA04C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.17.13","versionEndExcluding":"5.18","matchCriteriaId":"91C8C459-1749-4BA8-B57B-E19335243827"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18.2","versionEndExcluding":"6.18.33","matchCriteriaId":"A5B87DBD-FE39-4120-A231-D0EB92914643"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bd93ce4f3c35e845532184331d7917d7e562c80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0f33e8ad6ac563ae2233dd7f75884e0ee010521d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f3224ee463f8f6f6ced7dcdf6081add4f8128527","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46325","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T14:16:42.177","lastModified":"2026-07-08T15:54:35.213","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE\n\nThe current implementation incorrectly handles memory regions (MRs) with\npage sizes different from the system PAGE_SIZE. The core issue is that\nrxe_set_page() is called with mr->page_size step increments, but the\npage_list stores individual struct page pointers, each representing\nPAGE_SIZE of memory.\n\nib_sg_to_page() has ensured that when i>=1 either\na) SG[i-1].dma_end and SG[i].dma_addr are contiguous\nor\nb) SG[i-1].dma_end and SG[i].dma_addr are mr->page_size aligned.\n\nThis leads to incorrect iova-to-va conversion in scenarios:\n\n1) page_size < PAGE_SIZE (e.g., MR: 4K, system: 64K):\n   ibmr->iova = 0x181800\n   sg[0]: dma_addr=0x181800, len=0x800\n   sg[1]: dma_addr=0x173000, len=0x1000\n\n   Access iova = 0x181800 + 0x810 = 0x182010\n   Expected VA: 0x173010 (second SG, offset 0x10)\n   Before fix:\n     - index = (0x182010 >> 12) - (0x181800 >> 12) = 1\n     - page_offset = 0x182010 & 0xFFF = 0x10\n     - xarray[1] stores system page base 0x170000\n     - Resulting VA: 0x170000 + 0x10 = 0x170010 (wrong)\n\n2) page_size > PAGE_SIZE (e.g., MR: 64K, system: 4K):\n   ibmr->iova = 0x18f800\n   sg[0]: dma_addr=0x18f800, len=0x800\n   sg[1]: dma_addr=0x170000, len=0x1000\n\n   Access iova = 0x18f800 + 0x810 = 0x190010\n   Expected VA: 0x170010 (second SG, offset 0x10)\n   Before fix:\n     - index = (0x190010 >> 16) - (0x18f800 >> 16) = 1\n     - page_offset = 0x190010 & 0xFFFF = 0x10\n     - xarray[1] stores system page for dma_addr 0x170000\n     - Resulting VA: system page of 0x170000 + 0x10 = 0x170010 (wrong)\n\nYi Zhang reported a kernel panic[1] years ago related to this defect.\n\nSolution:\n1. Replace xarray with pre-allocated rxe_mr_page array for sequential\n   indexing (all MR page indices are contiguous)\n2. Each rxe_mr_page stores both struct page* and offset within the\n   system page\n3. Handle MR page_size != PAGE_SIZE relationships:\n   - page_size > PAGE_SIZE: Split MR pages into multiple system pages\n   - page_size <= PAGE_SIZE: Store offset within system page\n4. Add boundary checks and compatibility validation\n\nThis ensures correct iova-to-va conversion regardless of MR page size\nand system PAGE_SIZE relationship, while improving performance through\narray-based sequential access.\n\nTests on 4K and 64K PAGE_SIZE hosts:\n- rdma-core/pytests\n  $ ./build/bin/run_tests.py  --dev eth0_rxe\n- blktest:\n  $ TIMEOUT=30 QUICK_RUN=1 USE_RXE=1 NVMET_TRTYPES=rdma ./check nvme srp rnbd\n\n[1] https://lore.kernel.org/all/CAHj4cs9XRqE25jyVw9rj9YugffLn5+f=1znaBEnu1usLOciD+g@mail.gmail.com/T/"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/sw/rxe/rxe_mr.c","drivers/infiniband/sw/rxe/rxe_verbs.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"592627ccbdff0ec6fff00fc761142a76db750dd4","lessThan":"409c2c5508f3d30627bea576f8676de523cb906e","versionType":"git","status":"affected"},{"version":"592627ccbdff0ec6fff00fc761142a76db750dd4","lessThan":"836f6c13c9674027793f720be3f15ecd2b90b6ca","versionType":"git","status":"affected"},{"version":"592627ccbdff0ec6fff00fc761142a76db750dd4","lessThan":"12985e5915a0b8354796efadaaeb201eed115377","versionType":"git","status":"affected"},{"version":"0e443760b8b7b1e6723f4408afa056b2bc4fea12","versionType":"git","status":"affected"},{"version":"6.2.3","lessThan":"6.3","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/sw/rxe/rxe_mr.c","drivers/infiniband/sw/rxe/rxe_verbs.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.3","versionEndExcluding":"6.18.14","matchCriteriaId":"372F28D4-9F28-4024-B964-DE55031C23BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12985e5915a0b8354796efadaaeb201eed115377","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/409c2c5508f3d30627bea576f8676de523cb906e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/836f6c13c9674027793f720be3f15ecd2b90b6ca","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46326","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T14:16:42.300","lastModified":"2026-07-08T15:53:41.217","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niio: pressure: mprls0025pa: fix spi_transfer struct initialisation\n\nMake sure that the spi_transfer struct is zeroed out before use."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iio/pressure/mprls0025pa_spi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a0858f0cd28e822b91376ae288d5548bc1847531","lessThan":"72158f9ae29a9e56d0f9704ce461a866feaf9925","versionType":"git","status":"affected"},{"version":"a0858f0cd28e822b91376ae288d5548bc1847531","lessThan":"664ffdf34c01810085e4d85508b361c3fdd2ab40","versionType":"git","status":"affected"},{"version":"a0858f0cd28e822b91376ae288d5548bc1847531","lessThan":"9080c7ac30f5f8f8fcb7b27b56df60fea7909c21","versionType":"git","status":"affected"},{"version":"a0858f0cd28e822b91376ae288d5548bc1847531","lessThan":"1e0ac56c92e26115cbc8cfc639843725cb3a7d6a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iio/pressure/mprls0025pa_spi.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.75","matchCriteriaId":"F8A1C6F6-2847-4C53-ABFC-8F07D96900D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e0ac56c92e26115cbc8cfc639843725cb3a7d6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/664ffdf34c01810085e4d85508b361c3fdd2ab40","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/72158f9ae29a9e56d0f9704ce461a866feaf9925","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9080c7ac30f5f8f8fcb7b27b56df60fea7909c21","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46327","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T14:16:42.400","lastModified":"2026-07-08T20:02:54.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix unlocked test for dm_suspended_md\n\nThe function dm_blk_report_zones tests if the device is suspended with\nthe \"dm_suspended_md\" call. However, this function is called without\nholding any locks, so the device may be suspended just after it.\n\nMove the call to dm_suspended_md after dm_get_live_table, so that the\ndevice can't be suspended after the suspended state was tested."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/md/dm-zone.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f9c1bdf24615303d48a2d0fd629c88f3189563aa","lessThan":"175ac0a6115400278d3900f5a04a58b17b3f6cd0","versionType":"git","status":"affected"},{"version":"37f53a2c60d03743e0eacf7a0c01c279776fef4e","lessThan":"7a3385e97af2b6f485fef11e82d8c29adee4be93","versionType":"git","status":"affected"},{"version":"37f53a2c60d03743e0eacf7a0c01c279776fef4e","lessThan":"d809a36692ee1394cac85ce6ba7cf8ea58da5812","versionType":"git","status":"affected"},{"version":"37f53a2c60d03743e0eacf7a0c01c279776fef4e","lessThan":"24c405fdbe215c45e57bba672cc42859038491ee","versionType":"git","status":"affected"},{"version":"d19bc1b4dd5f322980b1f05f79b2ea4f0db10920","versionType":"git","status":"affected"},{"version":"6.12.34","lessThan":"6.12.75","versionType":"semver","status":"affected"},{"version":"6.15.3","lessThan":"6.16","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/md/dm-zone.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.34","versionEndExcluding":"6.12.75","matchCriteriaId":"A8DAA245-0057-42FC-8AC1-567AF3D93866"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.3","versionEndExcluding":"6.18.14","matchCriteriaId":"BBB52BEE-CB23-4AC5-9EB1-563B3501A7DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/175ac0a6115400278d3900f5a04a58b17b3f6cd0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24c405fdbe215c45e57bba672cc42859038491ee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7a3385e97af2b6f485fef11e82d8c29adee4be93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d809a36692ee1394cac85ce6ba7cf8ea58da5812","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46328","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T14:16:42.500","lastModified":"2026-07-08T16:16:52.980","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: fix rlimit for posix cpu timers\n\nPosix cpu timers requires an additional step beyond setting the rlimit.\nRefactor the code so its clear when what code is setting the\nlimit and conditionally update the posix cpu timers when appropriate."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["security/apparmor/resource.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"e1cc11550b2f66687a374536c9dfdddcefca0efe","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"2232d7cd243833ad750cae656d1817fe43744a09","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"1f736dfe27c857b78f8461cd7c3dd9640be74b37","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"e43818b16815c0c2bf933ef28316f8e704e5e0ef","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"9bf1fa150775b0c6b794e4b6a2c0395e13777999","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"57d51d41b90eface809b72e0e009b50546492f1f","versionType":"git","status":"affected"},{"version":"baa73d9e478ff32d62f3f9422822b59dd9a95a21","lessThan":"6ca56813f4a589f536adceb42882855d91fb1125","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["security/apparmor/resource.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.10","status":"affected"},{"version":"0","lessThan":"4.10","versionType":"semver","status":"unaffected"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"5.10.252","matchCriteriaId":"6237C80F-2950-41ED-A424-2872192E5F12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.202","matchCriteriaId":"4002FC2B-1456-4666-B240-0EBF590C4671"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.165","matchCriteriaId":"797C7F46-D0BE-4FB8-A502-C5EF8E6B6654"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.128","matchCriteriaId":"851E9353-6C09-4CC9-877E-E09DB164A3C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.75","matchCriteriaId":"BCE16369-98ED-41CF-8995-DFDC10B288D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1f736dfe27c857b78f8461cd7c3dd9640be74b37","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2232d7cd243833ad750cae656d1817fe43744a09","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/28aa93fcfb33b6d580c5df4ae8b6d13fb0e6fcd3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57d51d41b90eface809b72e0e009b50546492f1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6ca56813f4a589f536adceb42882855d91fb1125","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bf1fa150775b0c6b794e4b6a2c0395e13777999","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e1cc11550b2f66687a374536c9dfdddcefca0efe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e43818b16815c0c2bf933ef28316f8e704e5e0ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46329","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-09T14:16:42.620","lastModified":"2026-07-08T16:15:40.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: handle end of filesystem properly for file-backed mounts\n\nI/O requests beyond the end of the filesystem should be zeroed out,\nsimilar to loopback devices and that is what we expect."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/erofs/fileio.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ce63cb62d794c98c7631c2296fa845f2a8d0a4a1","lessThan":"8d582d65d20bb4796db01b19e86909ad68cb337b","versionType":"git","status":"affected"},{"version":"ce63cb62d794c98c7631c2296fa845f2a8d0a4a1","lessThan":"e49abde0ffc382a967b24f326d1614ac3bb06a94","versionType":"git","status":"affected"},{"version":"ce63cb62d794c98c7631c2296fa845f2a8d0a4a1","lessThan":"fe4039034dcdf584afbf763787909e28e92a4927","versionType":"git","status":"affected"},{"version":"ce63cb62d794c98c7631c2296fa845f2a8d0a4a1","lessThan":"bc804a8d7e865ef47fb7edcaf5e77d18bf444ebc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/erofs/fileio.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.75","matchCriteriaId":"91F4DDF8-DCB5-433F-9A96-EB7DD49CF8DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.14","matchCriteriaId":"BF463CB7-1F58-4607-B847-77ED23E4B9B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.4","matchCriteriaId":"672A3E79-EC03-479D-8503-361DFBDC8092"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8d582d65d20bb4796db01b19e86909ad68cb337b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc804a8d7e865ef47fb7edcaf5e77d18bf444ebc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e49abde0ffc382a967b24f326d1614ac3bb06a94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fe4039034dcdf584afbf763787909e28e92a4927","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45447","sourceIdentifier":"openssl-security@openssl.org","published":"2026-06-09T17:17:19.277","lastModified":"2026-07-08T13:16:47.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Issue summary: A specially crafted PKCS#7 or S/MIME signed message could\ntrigger a use-after-free during PKCS#7 signature verification.\n\nImpact summary: A use-after-free may result in process crashes, heap\ncorruption, or potentially remote code execution.\n\nWhen processing a PKCS#7 or S/MIME signed message, if the SignedData\ndigestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may\nincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent\nuse of the BIO by the calling application results in a use-after-free\ncondition.\n\nIn the common case this occurs when the application later calls\nBIO_free() on the BIO originally passed to PKCS7_verify(). Depending\non allocator behavior and application-specific BIO usage patterns, this\nmay result in a crash or other memory corruption. In some application\ncontexts this may potentially be exploitable for remote code execution.\n\nApplications that process PKCS#7 or S/MIME signed messages using OpenSSL\nPKCS#7 APIs may be affected. Applications using the CMS APIs for this\nprocessing are not affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."}],"affected":[{"source":"openssl-security@openssl.org","affectedData":[{"vendor":"OpenSSL","product":"OpenSSL","defaultStatus":"unaffected","versions":[{"version":"4.0.0","lessThan":"4.0.1","versionType":"semver","status":"affected"},{"version":"3.6.0","lessThan":"3.6.3","versionType":"semver","status":"affected"},{"version":"3.5.0","lessThan":"3.5.7","versionType":"semver","status":"affected"},{"version":"3.4.0","lessThan":"3.4.6","versionType":"semver","status":"affected"},{"version":"3.0.0","lessThan":"3.0.21","versionType":"semver","status":"affected"},{"version":"1.1.1","lessThan":"1.1.1zh","versionType":"custom","status":"affected"},{"version":"1.0.2","lessThan":"1.0.2zq","versionType":"custom","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 9)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.2"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.6)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_eus_long_life:8.6::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_e4s:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_tus:8.8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux BaseOS (v. 9)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9::baseos"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Insights proxy 1.5","defaultStatus":"affected","cpes":["cpe:/a:redhat:insights_proxy:1.5::el9"]},{"vendor":"Red Hat","product":"Red Hat Update Infrastructure 5","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhui:5::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-10T03:59:38.212378Z","id":"CVE-2026-45447","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"openssl-security@openssl.org","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-825"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.2","versionEndExcluding":"1.0.2zq","matchCriteriaId":"F534B804-67B6-49DA-8A86-0FF21E512908"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.1","versionEndExcluding":"1.1.1zh","matchCriteriaId":"43EFE1E3-4049-4EE6-A2AE-BDBA38E6870F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.0.21","matchCriteriaId":"EDB88756-EDFE-4886-A267-3F19342A6042"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.4.0","versionEndExcluding":"3.4.6","matchCriteriaId":"BF7E21E7-AEC0-4882-B1F1-2D056B506F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0","versionEndExcluding":"3.5.7","matchCriteriaId":"6B6B9930-C549-4D88-9784-AF32CCDDB87A"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.3","matchCriteriaId":"D41B3C45-EC73-4DC8-989D-B2E2792E102F"},{"vulnerable":true,"criteria":"cpe:2.3:a:openssl:openssl:4.0.0:-:*:*:*:*:*:*","matchCriteriaId":"6E881B9A-1A0A-4BC0-8160-20C00561167D"}]}]}],"references":[{"url":"https://github.com/openssl/openssl/commit/3aad5eb7af4de4ee0633c30a8541a54d9bbde63c","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/7d4a980c62258c5910cc883936e0c8dbab4d75a8","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/9dfd688ad2290fc5075cacbc9bf0c9a93eefed54","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/a541ae8bfe849a30cc885e8780715c0f488e496c","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://github.com/openssl/openssl/commit/c505d7559da5d5f9f2c3913c6883a5562ce7273e","source":"openssl-security@openssl.org","tags":["Patch"]},{"url":"https://openssl-library.org/news/secadv/20260609.txt","source":"openssl-security@openssl.org","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:25237","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:25239","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26275","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:26319","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:29197","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:34102","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:35869","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36215","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36217","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-45447","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481898","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45447.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-46625","sourceIdentifier":"security-advisories@github.com","published":"2026-06-10T22:16:59.613","lastModified":"2026-07-08T13:16:49.640","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign() helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's \"__proto__\" member is an own enumerable property, so the for…in enumerates it and the target[key] = source[key] write triggers the Object.prototype.__proto__ setter on the fresh target ({}). The result is a per-instance prototype hijack: Object.prototype itself is untouched, but the merged attributes object now inherits attacker-controlled keys. Because the consuming set() function then enumerates the merged object with another for...in, every key the attacker placed on the polluted prototype lands in the resulting Set-Cookie string as an attribute pair. The attacker can set domain=, secure=, samesite=, expires=, and path= on cookies whose attributes the developer thought were locked down. This issue has been patched in version 3.0.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"js-cookie","product":"js-cookie","versions":[{"version":"< 3.0.7","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security for Kubernetes 4.10","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4.10::el8"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Service Mesh 3.3","defaultStatus":"affected","cpes":["cpe:/a:redhat:service_mesh:3.3::el9"]},{"vendor":"Red Hat","product":"Cryostat 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:cryostat:4"]},{"vendor":"Red Hat","product":"OpenShift Lightspeed","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_lightspeed"]},{"vendor":"Red Hat","product":"Red Hat 3scale API Management Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:red_hat_3scale_amp:2"]},{"vendor":"Red Hat","product":"Red Hat Developer Hub","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhdh:1"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 7","defaultStatus":"affected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform 8","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"]},{"vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:jbosseapxp"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"unknown","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat Discovery 2","defaultStatus":"unknown","cpes":["cpe:/a:redhat:discovery:2::el9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Self-service automation portal 2","defaultStatus":"unknown","cpes":["cpe:/a:redhat:ansible_portal:2"]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-11T14:46:15.083511Z","id":"CVE-2026-46625","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1321"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020","source":"security-advisories@github.com"},{"url":"https://github.com/js-cookie/js-cookie/releases/tag/v3.0.7","source":"security-advisories@github.com"},{"url":"https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j","source":"security-advisories@github.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:33183","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/errata/RHSA-2026:36625","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://access.redhat.com/security/cve/CVE-2026-46625","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487740","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46625.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-53703","sourceIdentifier":"secalert@redhat.com","published":"2026-06-15T20:16:33.563","lastModified":"2026-07-08T14:17:04.497","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For audio stream header versions 4 and 5, the parser reads fields such as codec type, packet size, sample rate, channel count, and extra codec data length from fixed offsets within the chunk without first checking that the chunk contains enough data. If a malicious file provides an MDPR chunk that is too small to contain a complete audio stream header, the parser reads beyond the end of the buffer. This can cause the application to crash. In some cases, bytes read past the buffer boundary may be incorporated into stream metadata, which could result in limited information disclosure."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:10.2"],"versions":[{"version":"0:1.26.7-2.el10_2.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.22.12-6.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T15:05:30.391525Z","id":"CVE-2026-53703","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36673","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:36674","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53703","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487613","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-53704","sourceIdentifier":"secalert@redhat.com","published":"2026-06-15T20:16:33.697","lastModified":"2026-07-08T14:17:04.900","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using re_skip_pascal_string() without validating that offsets remain within the mapped buffer. Additionally, the element count controlling the parsing loop is read from attacker-controlled data without validation, which can cause an infinite loop. A crafted RealMedia file can cause the application to crash, hang, or potentially read limited adjacent memory contents."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"versions":[{"version":"0:1.22.12-6.el9_8.1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-ugly-free","cpes":["cpe:/o:redhat:enterprise_linux:8"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T12:46:47.069346Z","id":"CVE-2026-53704","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36674","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53704","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487614","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-49763","sourceIdentifier":"audit@patchstack.com","published":"2026-06-15T21:17:21.357","lastModified":"2026-07-08T20:16:51.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated PHP Object Injection in Integration for Contact Form 7 HubSpot <= 1.3.7 versions."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"CRM Perks","product":"Integration for Contact Form 7 HubSpot","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"cf7-hubspot","versions":[{"version":"n/a","lessThanOrEqual":"1.3.7","versionType":"custom","status":"affected","changes":[{"at":"1.3.8","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-16T12:50:20.306643Z","id":"CVE-2026-49763","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/cf7-hubspot/vulnerability/wordpress-integration-for-contact-form-7-hubspot-plugin-1-3-7-php-object-injection-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-2467","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:41.890","lastModified":"2026-07-08T18:18:49.637","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.2.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:03:21.528088Z","id":"CVE-2026-2467","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"7.7.0","matchCriteriaId":"3F95CC20-9460-4C5E-B56A-CE8F16028B38"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-2467","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-2674","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:42.387","lastModified":"2026-07-08T18:16:24.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers, Overflow Buffers, Overflow Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Queueing Service","Core Libraries","Persistence Service"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:57:40.284382Z","id":"CVE-2026-2674","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndExcluding":"7.7.0","matchCriteriaId":"B6B5FCCD-2C72-4980-B453-DF8E7356ACF2"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-2674","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-2675","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:42.707","lastModified":"2026-07-08T14:31:55.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Security Plugins"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:02:42.712673Z","id":"CVE-2026-2675","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"7.7.0","matchCriteriaId":"3F95CC20-9460-4C5E-B56A-CE8F16028B38"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-2675","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-30799","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:43.007","lastModified":"2026-07-08T14:27:11.723","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.*, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Security Plugins"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.*","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:59:33.217064Z","id":"CVE-2026-30799","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"7.7.0","matchCriteriaId":"3F95CC20-9460-4C5E-B56A-CE8F16028B38"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-30799","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30802","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:43.263","lastModified":"2026-07-08T14:07:01.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0, from 2.4.5 before 2.4.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Micro","defaultStatus":"unaffected","packageName":"connext_micro","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_micro","versions":[{"version":"4.0.0","lessThan":"4.3.0","versionType":"custom","status":"affected"},{"version":"2.4.5","lessThan":"2.4.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:58:36.128067Z","id":"CVE-2026-30802","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_micro:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.5","versionEndExcluding":"4.3.0","matchCriteriaId":"35657566-7EF7-4D1E-99AC-24A381A39A2A"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-30802","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-30803","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:43.410","lastModified":"2026-07-08T14:05:36.510","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Micro","defaultStatus":"unaffected","packageName":"connext_micro","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_micro","versions":[{"version":"4.0.0","lessThan":"4.3.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T17:58:11.377761Z","id":"CVE-2026-30803","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_micro:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.3.0","matchCriteriaId":"6BCAC260-B3A0-429E-A71D-1F6E27BD056A"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-30803","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-3894","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:17:44.287","lastModified":"2026-07-08T14:04:31.830","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 5.0.0 before 5.2.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Core Libraries"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.7.0","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.*","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.*","versionType":"custom","status":"affected"},{"version":"5.3.0","lessThan":"5.3.*","versionType":"custom","status":"affected"},{"version":"5.0.0","lessThan":"5.2.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:01:05.016536Z","id":"CVE-2026-3894","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"7.7.0","matchCriteriaId":"95DB3192-6006-4B24-94C6-98C6A09F0706"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-3894","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-7300","sourceIdentifier":"3f572a00-62e2-4423-959a-7ea25eff1638","published":"2026-06-17T18:18:05.753","lastModified":"2026-07-08T13:55:10.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*."}],"affected":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","affectedData":[{"vendor":"RTI","product":"Connext Professional","defaultStatus":"unaffected","packageName":"connext_professional","modules":["Web Integration Service"],"packageURL":"pkg:generic/connext_professional","versions":[{"version":"7.4.0","lessThan":"7.*","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.3.1.3","versionType":"custom","status":"affected"},{"version":"6.1.2","lessThan":"6.1.*","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T18:00:26.868901Z","id":"CVE-2026-7300","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3f572a00-62e2-4423-959a-7ea25eff1638","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rti:connext_professional:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.2","versionEndExcluding":"7.4.0","matchCriteriaId":"21210B58-4B30-4C47-B448-F4CAE754CDBD"}]}]}],"references":[{"url":"https://www.rti.com/vulnerabilities/#cve-2026-7300","source":"3f572a00-62e2-4423-959a-7ea25eff1638","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52908","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-19T15:16:35.277","lastModified":"2026-07-08T15:24:27.260","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA: During rereg_mr ensure that REREG_ACCESS is compatible\n\nIf IB_MR_REREG_ACCESS changes from RO to RW then the umem has to be\nre-evaluated to ensure it is properly pinned as RW. Since the umem is\nhidden inside each driver's mr struct add a ib_umem_check_rereg() function\nthat each driver has to call before processing IB_MR_REREG_ACCESS.\n\nmlx4 has to retain its duplicate ib_access_writable check because it\nimplements IB_MR_REREG_ACCESS | IB_MR_REREG_TRANS by changing both items\nin place sequentially while the MR is live, so it will continue to not\nsupport this combination."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/infiniband/core/umem.c","drivers/infiniband/hw/hns/hns_roce_mr.c","drivers/infiniband/hw/irdma/verbs.c","drivers/infiniband/hw/mlx4/mr.c","drivers/infiniband/hw/mlx5/mr.c","drivers/infiniband/sw/rxe/rxe_verbs.c","include/rdma/ib_umem.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"09dc18894148381d3bfc550083b1236043870dce","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"eba5df21eda0fe7418efbea2f799f8ea1b8ca94c","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"2904e985a2917b5dac65df82733065e78a65fc9d","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"50334a05a950840b39a1ce3d2a173b4183db9b3e","versionType":"git","status":"affected"},{"version":"b40656aa7d559adc1fe689396dc58b92a9a27286","lessThan":"badad6fad60def1b9805559dd81dbab3d97b82aa","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/infiniband/core/umem.c","drivers/infiniband/hw/hns/hns_roce_mr.c","drivers/infiniband/hw/irdma/verbs.c","drivers/infiniband/hw/mlx4/mr.c","drivers/infiniband/hw/mlx5/mr.c","drivers/infiniband/sw/rxe/rxe_verbs.c","include/rdma/ib_umem.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/09dc18894148381d3bfc550083b1236043870dce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2904e985a2917b5dac65df82733065e78a65fc9d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50334a05a950840b39a1ce3d2a173b4183db9b3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/badad6fad60def1b9805559dd81dbab3d97b82aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eba5df21eda0fe7418efbea2f799f8ea1b8ca94c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52909","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-19T15:16:35.383","lastModified":"2026-07-08T15:24:17.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: set netns_immutable on the fallback device.\n\njohn1988 and Noam Rathaus reported that vti6_init_net() does not set the\nnetns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).\n\nOther similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)\ncorrectly set this flag during their fallback device initialization to\nprevent them from being moved to another network namespace."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv6/ip6_vti.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"12acc977838c943636fb01e2f3087d2e4cc3b7cc","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"7f28e3948c59481f8db9c9638e204258d26b4e41","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"12c65e2c7fef507551bd7b52123598a761662c01","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"c5dbd669db5a426b3025512322e1bf2cdbe14305","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"ecf8904067dcba0dad86ece80874841e60317885","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"dcdce3bc9f08026ff3739ee7339e1bef526fc5f3","versionType":"git","status":"affected"},{"version":"61220ab349485d911083d0b7990ccd3db6c63297","lessThan":"d289d5307762d1838aaece22c6b6fcad9e8865f9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv6/ip6_vti.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.15","status":"affected"},{"version":"0","lessThan":"3.15","versionType":"semver","status":"unaffected"},{"version":"5.10.260","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.95","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"5.10.260","matchCriteriaId":"A607EC6A-B5CC-42BB-B74C-7191E7210452"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.211","matchCriteriaId":"D71C101E-388C-4A46-BD99-49049F7C5CFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144","matchCriteriaId":"C8AD3BC8-C843-423C-B9DB-CB52F67F578E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.95","matchCriteriaId":"4E206B86-E0E3-4394-A93F-39F2D50A8AA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12acc977838c943636fb01e2f3087d2e4cc3b7cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/12c65e2c7fef507551bd7b52123598a761662c01","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f28e3948c59481f8db9c9638e204258d26b4e41","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c5dbd669db5a426b3025512322e1bf2cdbe14305","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d289d5307762d1838aaece22c6b6fcad9e8865f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dcdce3bc9f08026ff3739ee7339e1bef526fc5f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecf8904067dcba0dad86ece80874841e60317885","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52910","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-19T15:16:35.487","lastModified":"2026-07-08T15:20:05.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Free reuseport cBPF prog after RCU grace period.\n\nEulgyu Kim reported the splat below with a repro. [0]\n\nThe repro sets up a UDP reuseport group with a cBPF prog and\nreplaces it with a new one while another thread is sending\na UDP packet to the group.\n\nThe reuseport prog is freed by sk_reuseport_prog_free().\nbpf_prog_put() is called for \"e\"BPF prog to destruct through\nmultiple stages while cBPF prog is freed immediately by\nbpf_release_orig_filter() and bpf_prog_free().\n\nIf a reuseport prog is detached from the setsockopt() path\n(reuseport_attach_prog() or reuseport_detach_prog()),\nsk_reuseport_prog_free() is called without waiting for RCU\nreaders to complete, resulting in various bugs.\n\nLet's defer freeing the reuseport cBPF prog after one RCU\ngrace period.\n\nNote \"e\"BPF prog is safe as is unless the fast path starts\nto touch fields destroyed in bpf_prog_put_deferred() and\n__bpf_prog_put_noref().\n\n[0]:\nBUG: KASAN: vmalloc-out-of-bounds in reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596\nRead of size 4 at addr ffffc9000051e004 by task slowme/10208\nCPU: 6 UID: 1000 PID: 10208 Comm: slowme Not tainted 7.0.0-geb7ac95ff75e #32 PREEMPT(full)\nHardware name: QEMU Ubuntu 24.04 PC v2 (i440FX + PIIX, arch_caps fix, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nCall Trace:\n <IRQ>\n dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n reuseport_select_sock+0xedc/0x1220 net/core/sock_reuseport.c:596\n udp4_lib_lookup2+0x3bc/0x950 net/ipv4/udp.c:495\n __udp4_lib_lookup+0x768/0xe20 net/ipv4/udp.c:723\n __udp4_lib_lookup_skb+0x297/0x390 net/ipv4/udp.c:752\n __udp4_lib_rcv+0x1312/0x2620 net/ipv4/udp.c:2752\n ip_protocol_deliver_rcu+0x282/0x440 net/ipv4/ip_input.c:207\n ip_local_deliver_finish+0x3bb/0x6f0 net/ipv4/ip_input.c:241\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n NF_HOOK+0x30c/0x3a0 include/linux/netfilter.h:318\n __netif_receive_skb_one_core net/core/dev.c:6181 [inline]\n __netif_receive_skb net/core/dev.c:6294 [inline]\n process_backlog+0xaa4/0x1960 net/core/dev.c:6645\n __napi_poll+0xae/0x340 net/core/dev.c:7709\n napi_poll net/core/dev.c:7772 [inline]\n net_rx_action+0x5d7/0xf50 net/core/dev.c:7929\n handle_softirqs+0x22b/0x870 kernel/softirq.c:622\n do_softirq+0x76/0xd0 kernel/softirq.c:523\n </IRQ>\n <TASK>\n __local_bh_enable_ip+0xf8/0x130 kernel/softirq.c:450\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:924 [inline]\n __dev_queue_xmit+0x1dd7/0x3710 net/core/dev.c:4890\n neigh_output include/net/neighbour.h:556 [inline]\n ip_finish_output2+0xca9/0x1070 net/ipv4/ip_output.c:237\n NF_HOOK_COND include/linux/netfilter.h:307 [inline]\n ip_output+0x29f/0x450 net/ipv4/ip_output.c:438\n ip_send_skb+0x45/0xc0 net/ipv4/ip_output.c:1508\n udp_send_skb+0xb04/0x1510 net/ipv4/udp.c:1195\n udp_sendmsg+0x1a71/0x2350 net/ipv4/udp.c:1485\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg net/socket.c:742 [inline]\n __sys_sendto+0x554/0x680 net/socket.c:2206\n __do_sys_sendto net/socket.c:2213 [inline]\n __se_sys_sendto net/socket.c:2209 [inline]\n __x64_sys_sendto+0xde/0x100 net/socket.c:2209\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x160/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x415a2d\nCode: b3 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f6bc31e41e8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c\nRAX: ffffffffffffffda RBX: 00007f6bc31e4cdc RCX: 0000000000415a2d\nRDX: 0000000000000001 RSI: 00007f6bc31e421f RDI: 0000000000000003\nRBP: 00007f6bc31e4240 R08: 00007f6bc31e4220 R09: 0000000000000010\nR10: 0000000000000000 R11: \n---truncated---"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"08264d5bba0bdd3a79bc2984fee09286aba0c4eb","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"fec41484e7c2aa7ded44c541bba98872be937754","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"c3e3fddda6b5d9ba505d218b4055e7d8a282ac57","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"f8b8f1d4bb76098e87b8269a0631019648330e6d","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"298db6167f81e9c470a57cf652e4e47757b4293e","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"87dfb977bdb6eaa47e9993a34e18f44970f88b1f","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"90e47dc5c572d1c73971ac51c7428803f42b78eb","versionType":"git","status":"affected"},{"version":"538950a1b7527a0a52ccd9337e3fcd304f027f13","lessThan":"18fc650ccd7fe3376eca89203668cfb8268f60df","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/filter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.5","status":"affected"},{"version":"0","lessThan":"4.5","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-364"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"5.10.259","matchCriteriaId":"49A9457D-DA96-491F-96F5-C78397CA6014"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08264d5bba0bdd3a79bc2984fee09286aba0c4eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18fc650ccd7fe3376eca89203668cfb8268f60df","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/298db6167f81e9c470a57cf652e4e47757b4293e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/87dfb977bdb6eaa47e9993a34e18f44970f88b1f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90e47dc5c572d1c73971ac51c7428803f42b78eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3e3fddda6b5d9ba505d218b4055e7d8a282ac57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8b8f1d4bb76098e87b8269a0631019648330e6d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fec41484e7c2aa7ded44c541bba98872be937754","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-52910","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490779","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52910.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48908","sourceIdentifier":"security@joomla.org","published":"2026-06-20T13:16:42.080","lastModified":"2026-07-08T13:57:42.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomshaper.net","product":"SP Page Builder extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0.0-6.6.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-48908","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ollyo:sp_page_builder:*:*:*:*:-:joomla\\!:*:*","versionEndExcluding":"6.6.2","matchCriteriaId":"357A3AA5-76BB-4E60-AA71-CB8FB76E2221"}]}]}],"references":[{"url":"https://www.joomshaper.com/page-builder","source":"security@joomla.org","tags":["Product"]},{"url":"https://extensions.joomla.org/extension/sp-page-builder/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Product"]},{"url":"https://mysites.guru/blog/sp-page-builder-zero-day-uploadcustomicon-rce/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48908","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]},{"url":"https://www.joomshaper.com/forum/question/45152","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-56346","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-20T19:16:24.127","lastModified":"2026-07-08T20:16:53.437","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credentials, exposing key material to logs and enabling resource exhaustion attacks."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"AVideo","product":"AVideo","defaultStatus":"unaffected","packageURL":"pkg:composer/wwbn/avideo","versions":[{"version":"0","lessThanOrEqual":"25.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T12:41:41.179894Z","id":"CVE-2026-56346","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-5x2w-37xf-7962","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/avideo-unauthenticated-pgp-message-decryption-via-decryptmessage-json-php-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-5x2w-37xf-7962","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-52911","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-21T08:16:23.607","lastModified":"2026-07-08T15:13:12.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: scope conn->binding slowpath to bound sessions only\n\nWhen the binding SESSION_SETUP sets conn->binding = true, the flag stays\nset after the call so that the global session lookup in\nksmbd_session_lookup_all() can find the session, which was not added to\nconn->sessions. Because the flag is connection-wide, the global lookup\npath will also resolve any other session by id if asked.\n\nTighten the global lookup so that the returned session must have this\nconnection registered in its channel xarray (sess->ksmbd_chann_list).\nThe channel entry is installed by the existing binding_session path in\nntlm_authenticate()/krb5_authenticate() when a SESSION_SETUP completes\nsuccessfully, so this condition is a strict equivalent of \"this\nconnection has been accepted as a channel of this session\". Connections\nthat have not bound to a given session cannot reach it via the global\ntable.\n\nThe existing conn->binding gate for entering the slowpath is preserved\nso that non-binding connections keep the fast-path-only behavior, and\nthe session->state check is unchanged."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/mgmt/user_session.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"e74c00c6af428a39e564cdc5bd3a3648c6d8de87","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"1ff46c9915c1cbf454db58a8cb87f7cac818e6a6","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"974c1c224e85549dc3459f3bb2255bbbdd2b9372","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"2cc8a4db633b10715450b291c1343859a4b2c509","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"1e2bec062c5c9ec282636715166056d0998d746d","versionType":"git","status":"affected"},{"version":"f5a544e3bab78142207e0242d22442db85ba1eff","lessThan":"b0da97c034b6107d14e537e212d4ce8b22109a58","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/mgmt/user_session.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.209","matchCriteriaId":"6EDF0B07-5AB8-46F1-84C6-AAB5EF2C52B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1e2bec062c5c9ec282636715166056d0998d746d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1ff46c9915c1cbf454db58a8cb87f7cac818e6a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2cc8a4db633b10715450b291c1343859a4b2c509","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/974c1c224e85549dc3459f3bb2255bbbdd2b9372","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0da97c034b6107d14e537e212d4ce8b22109a58","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e3a93ce6e25757b8f375e38b8f91e1d9da4edc1a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e74c00c6af428a39e564cdc5bd3a3648c6d8de87","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-54099","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T14:17:40.820","lastModified":"2026-07-08T15:10:59.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A compromised Windows worker node that holds WICD credentials can submit a CSR that is auto-approved and signed by the cluster, yielding a client certificate that grants cluster-administrator privileges and enabling full cluster takeover."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel8-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:windows_machine_config"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:windows_machine_config"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-54099","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.22.1","matchCriteriaId":"4A5FB226-0EC9-4963-9062-26C254D92F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:*","matchCriteriaId":"2219154D-E4AD-4A8E-942A-C4804C00591C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-54099","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487950","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-54099","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487950","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54099.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54100","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T14:17:40.950","lastModified":"2026-07-08T15:10:50.797","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture WICD and kubelet bootstrap credentials transferred during node configuration, enabling compromise of Windows node identities in the cluster."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel8-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4-wincw/windows-machine-config-rhel9-operator","cpes":["cpe:/a:redhat:windows_machine_config"]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift for Windows Containers","defaultStatus":"affected","cpes":["cpe:/a:redhat:windows_machine_config"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T00:00:00+00:00","id":"CVE-2026-54100","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.22.1","matchCriteriaId":"3F70390E-5DD6-42E4-AEA8-1C03337DDABC"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:windows_machine_config_operator:-:*:*:*:*:*:*:*","matchCriteriaId":"2219154D-E4AD-4A8E-942A-C4804C00591C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-54100","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487953","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-54100","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487953","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-54100.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12549","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T16:16:34.090","lastModified":"2026-07-08T15:10:43.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup3","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libsoup","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:05:45.451175Z","id":"CVE-2026-12549","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-805"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*","matchCriteriaId":"C5BAC4F4-3ACD-4F4D-920C-F920FD2C5472"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12549","source":"secalert@redhat.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://access.redhat.com/security/cve/cve-2026-0716","source":"secalert@redhat.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2489999","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12725","sourceIdentifier":"secalert@redhat.com","published":"2026-06-22T16:16:34.490","lastModified":"2026-07-08T15:10:32.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and\nquery logging are both enabled, logging of DS or DNSKEY replies containing\nunsupported algorithm or digest types can cause dnsmasq to write past the end\nof an internal logging buffer. A remote attacker able to supply such a DNS\nresponse may crash the dnsmasq process, resulting in denial of service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T18:20:23.362371Z","id":"CVE-2026-12725","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.22.1","matchCriteriaId":"3F70390E-5DD6-42E4-AEA8-1C03337DDABC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*","versionEndExcluding":"2.93","matchCriteriaId":"8D8EBB73-1EA7-47A6-A71A-172ED404E0B6"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12725","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2490763","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41049","sourceIdentifier":"meissner@suse.de","published":"2026-06-22T16:16:35.413","lastModified":"2026-07-08T15:42:08.647","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."}],"affected":[{"source":"meissner@suse.de","affectedData":[{"vendor":"presire","product":"qSnapper","defaultStatus":"unaffected","packageName":"qsnapper","repo":"https://github.com/presire/qSnapper","versions":[{"version":"1.2.1","lessThan":"1.3.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T16:25:21.586546Z","id":"CVE-2026-41049","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:presire:qsnapper:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.3","matchCriteriaId":"EDD5718C-0459-48A0-A6A8-B6C1F557DF2C"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1262218","source":"meissner@suse.de","tags":["Third Party Advisory"]},{"url":"https://github.com/presire/qSnapper/releases/tag/v1.3.3","source":"meissner@suse.de","tags":["Third Party Advisory"]},{"url":"https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching","source":"meissner@suse.de","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49468","sourceIdentifier":"security-advisories@github.com","published":"2026-06-22T21:16:25.190","lastModified":"2026-07-08T20:16:50.797","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"BerriAI","product":"litellm","versions":[{"version":"< 1.84.0","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Exploit Intelligence","defaultStatus":"affected","cpes":["cpe:/a:redhat:exploit_intelligence:0"]},{"vendor":"Red Hat","product":"Red Hat Ansible Automation Platform 2","defaultStatus":"affected","cpes":["cpe:/a:redhat:ansible_automation_platform:2"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-49468","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.84.0","matchCriteriaId":"0432AF82-95FD-4358-9414-7B41889CEFD2"}]}]}],"references":[{"url":"https://github.com/BerriAI/litellm/releases/tag/v1.84.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-49468","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2491520","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49468.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-55653","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T04:17:36.600","lastModified":"2026-07-08T14:17:14.560","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client path. This occurs during FIPS (Federal Information Processing Standards) mode known-group validation when the client processes attacker-controlled DH-GEX group parameters. Successful exploitation leads to client-side process termination, resulting in a Denial of Service (DoS)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openssh-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"10.3p1-6.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T14:30:51.025049Z","id":"CVE-2026-55653","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*","matchCriteriaId":"932D137F-528B-4526-9A89-CD59FA1AB0FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-55653","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462351","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55654","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T04:17:40.587","lastModified":"2026-07-08T14:17:14.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openssh-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"10.3p1-6.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:11:38.299870Z","id":"CVE-2026-55654","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:hardened_images:-:*:*:*:*:*:*:*","matchCriteriaId":"87DEB507-5B64-47D7-9A50-3B87FD1E571F"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-55654","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462493","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55655","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T04:17:40.787","lastModified":"2026-07-08T14:17:14.837","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack can compromise the confidentiality of forwarded X11 traffic, including sensitive window contents and input, and may allow some manipulation of the forwarded session."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Hardened Images","defaultStatus":"affected","collectionURL":"https://catalog.redhat.com/software/containers/","packageName":"openssh-main","cpes":["cpe:/a:redhat:hummingbird:1"],"versions":[{"version":"10.3p1-6.hum1","lessThan":"*","versionType":"rpm","status":"unaffected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openssh","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T12:21:42.502865Z","id":"CVE-2026-55655","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-923"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:-:*:*:*:*:*:*:*","matchCriteriaId":"7BB9B2AD-A04E-4C93-9FAF-5DC02F69690B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:36759","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-55655","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2462250","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2023-54365","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-06-23T13:16:30.420","lastModified":"2026-07-08T18:12:47.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Traefik","product":"Traefik","defaultStatus":"unaffected","packageURL":"pkg:golang/github.com/traefik/traefik","versions":[{"version":"0","lessThan":"2.10.5","versionType":"semver","status":"affected"},{"version":"2.10.5","versionType":"semver","status":"unaffected"}]},{"vendor":"Traefik","product":"Traefik","defaultStatus":"unaffected","packageURL":"pkg:golang/github.com/traefik/traefik","versions":[{"version":"3.0.0-beta1","lessThan":"3.0.0-beta4","versionType":"semver","status":"affected"},{"version":"3.0.0-beta4","versionType":"semver","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_devspaces:3"]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T18:13:32.219989Z","id":"CVE-2023-54365","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionEndExcluding":"2.10.5","matchCriteriaId":"B36BFFB0-C0EC-4926-A1DB-0B711C846A68"},{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"376EAF9B-E994-4268-9704-0A45EA30270F"},{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"F3D08335-C291-4623-B80C-3B14C4D1FA32"},{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"21033CEE-CEF5-4B0D-A565-4A6FC764AA6D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.20.10","matchCriteriaId":"328120E4-C031-44B4-9BE5-03B0CDAA066F"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.21.0","versionEndExcluding":"1.21.3","matchCriteriaId":"5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openshift_ai:-:*:*:*:*:*:*:*","matchCriteriaId":"EBF0A70A-E606-48C8-82C2-4D8760146265"}]}]}],"references":[{"url":"https://github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5g","source":"disclosure@vulncheck.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/traefik-denial-of-service-via-http-2-request-handling","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2023-54365","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2491710","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-54365.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-10609","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T14:17:21.853","lastModified":"2026-07-08T15:10:22.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Logging Subsystem for Red Hat OpenShift","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-logging/cluster-logging-rhel9-operator","cpes":["cpe:/a:redhat:logging:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T13:58:23.388681Z","id":"CVE-2026-10609","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:cluster_logging_operator:-:*:*:*:*:*:*:*","matchCriteriaId":"2A0B241E-0214-4C9D-B296-A84ED38C628A"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*","matchCriteriaId":"EF93A27E-AA2B-4C2E-9B8D-FE7267847326"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-10609","source":"secalert@redhat.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483943","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12969","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T14:17:22.790","lastModified":"2026-07-08T15:10:14.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"dnsmasq","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"unaffected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T15:02:23.863843Z","id":"CVE-2026-12969","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*","versionEndExcluding":"2.93","matchCriteriaId":"8D8EBB73-1EA7-47A6-A71A-172ED404E0B6"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-12969","source":"secalert@redhat.com","tags":["Vendor Advisory","Mitigation"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2491663","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55255","sourceIdentifier":"security-advisories@github.com","published":"2026-06-23T17:17:08.050","lastModified":"2026-07-08T13:39:12.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request. This vulnerability is fixed in 1.9.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"langflow-ai","product":"langflow","versions":[{"version":"< 1.9.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-23T00:00:00+00:00","id":"CVE-2026-55255","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Langflow Authorization Bypass Through User-Controlled Key Vulnerability","weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*","versionEndExcluding":"1.9.1","matchCriteriaId":"E5C0C925-9B95-4B10-BACE-5BBE5A9D24C5"}]}]}],"references":[{"url":"https://github.com/langflow-ai/langflow/commit/2c9f498d664a3c32698b57d7c5e752625291060e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/langflow-ai/langflow/pull/12832","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/langflow-ai/langflow/security/advisories/GHSA-qrpv-q767-xqq2","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://webflow.sysdig.com/blog/understanding-langflow-cve-2026-55255-and-why-higher-cvss-vulnerabilities-arent-always-the-most-exploited","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-55255","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-11819","sourceIdentifier":"secalert@redhat.com","published":"2026-06-23T21:16:54.473","lastModified":"2026-07-08T15:11:07.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Module: plugins/modules/keyring_info.py \n\nCVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N \n\nIssue: The module retrieves a passphrase from the OS native keyring (GNOME Keyring, macOS Keychain, Windows Credential Manager) and places it directly into result[\"passphrase\"] with no output suppression, no no_log protection, and no documentation warning. \n\nRoot Cause:\n\nLine 105 (protected): keyring_password=dict(type=\"str\", required=True, no_log=True)\nLine 127 (NOT protected): result[\"passphrase\"] = passphrase\n\nObserved Output:\n\n{\n\"changed\": false,\n\"passphrase\": \"MyMasterP@ssw0rd!SSH_Key_Secret\"\n}\nVisible via register + debug:\n{\n\"keyring_result\": {\n\"changed\": false,\n\"passphrase\": \"MyMasterP@ssw0rd!SSH_Key_Secret\"\n}\n}\n\nImpact: \n\nMaster passwords, SSH key passphrases and service credentials appear in all Ansible output \n\nregister: keyring_result followed by debug: var=keyring_result prints passphrase in full \n\nAnsible fact caching backends (Redis, JSON file, memcached) may persist the passphrase \n\nAWX/Tower job logs silently store the live credential\n\nFix:\n\nmodule.exit_json(changed=False, passphrase=passphrase, _ansible_no_log=True)\n\nAlso add a documentation warning requiring callers to use no_log: true at the task level.\n\nPoCs\n\n\nFig 1: PoC execution showing passphrase in plaintext output\n\n\nFig 2: Source code showing no_log=True on input (line 105) vs unprotected output (line 127)"}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel-system-roles","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhc-worker-playbook","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel-system-roles","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhel-system-roles","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-24T14:35:23.411115Z","id":"CVE-2026-11819","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-11819","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487251","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2026-11819","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-52912","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:20.640","lastModified":"2026-07-08T15:13:08.090","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_queue: hold bridge skb->dev while queued\n\nbr_pass_frame_up() rewrites skb->dev from the ingress port to the bridge\nmaster before queueing bridge LOCAL_IN packets. NFQUEUE only holds\nreferences on state.in/out and bridge physdevs, so a queued bridge\npacket can retain a freed bridge master in skb->dev until reinjection.\n\nWhen the verdict is reinjected later, br_netif_receive_skb() re-enters\nthe receive path with skb->dev still pointing at the freed bridge master,\ntriggering a use-after-free.\n\nStore skb->dev in the queue entry, hold a reference on it for the queue\nlifetime, and use the saved device when dropping queued packets during\nNETDEV_DOWN handling."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/netfilter/nf_queue.h","net/netfilter/nf_queue.c","net/netfilter/nfnetlink_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"950d809f154dca04e5fbe5d3c8b9c5e44769cd57","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"a698ac8ab2561cf575d2d9f34095032651dd952e","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"19924bdd8a45ebc72a7b84c57fd63057d1dc75ac","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"1e5e20031c5eee8d2e490a90ff4d6a2feecfc3be","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"3823c27099cfe2482299065814adbaa771be9644","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"15d464265120ab9818bd673af301deee09bedab2","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"3fb0f5c0f64162a8c3f25616a4f1e340b921737f","versionType":"git","status":"affected"},{"version":"ac28634456867b23b95faccba7997a62ec430603","lessThan":"e196115ec330a18de415bdb9f5071aa9f08e53ce","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/netfilter/nf_queue.h","net/netfilter/nf_queue.c","net/netfilter/nfnetlink_queue.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.259","matchCriteriaId":"3FA30F1C-F514-4A35-83AD-10A879443A42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/15d464265120ab9818bd673af301deee09bedab2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/19924bdd8a45ebc72a7b84c57fd63057d1dc75ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1e5e20031c5eee8d2e490a90ff4d6a2feecfc3be","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3823c27099cfe2482299065814adbaa771be9644","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3fb0f5c0f64162a8c3f25616a4f1e340b921737f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/950d809f154dca04e5fbe5d3c8b9c5e44769cd57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a698ac8ab2561cf575d2d9f34095032651dd952e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e196115ec330a18de415bdb9f5071aa9f08e53ce","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52913","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.080","lastModified":"2026-07-08T15:13:03.247","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: v: stop OGMv2 on disabled interface\n\nWhen a batadv_hard_iface is disabled, its mesh_iface pointer is set to\nNULL. However, batadv_v_ogm_send_meshif() may still dispatch OGMs via\nbatadv_v_ogm_queue_on_if() for interfaces that have since lost their\nmesh_iface association. This results in a NULL pointer dereference when\nbatadv_v_ogm_queue_on_if() unconditionally calls netdev_priv() on the\nnow NULL hard_iface->mesh_iface to retrieve the batadv_priv.\n\nIt is necessary to ensure that the batadv_v_ogm_queue_on_if() checks that\nit is using the same mesh_iface for which batadv_v_ogm_send_meshif() was\ncalled."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/bat_v_ogm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"d7391a2b854a62235539c68e9cbf6fc7910a8e9a","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"70c9f6ab0d8f785087fb74fb85464a9a5288bfdb","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"040fe8eb34624002071dd21de9824dfe668ce65d","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"31dcb9711abd1dcd2080d9fac05c79dd9997d6bf","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"aad70db50ea3d7dfe30e402b889ff075a293b287","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"1be1e99cbd5b74a69d3f92200ca87cf1bce852db","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"4ff461af943efb5e74d09942d5ffee7644d1e1fe","versionType":"git","status":"affected"},{"version":"0da0035942d47766c32843143fb5dba7a29cb48c","lessThan":"f8ce8b8331a1bc44ad4905886a482214d428b253","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/bat_v_ogm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.6","status":"affected"},{"version":"0","lessThan":"4.6","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.10.259","matchCriteriaId":"5600752B-5EBB-43C5-ACFC-8AD628C79467"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/040fe8eb34624002071dd21de9824dfe668ce65d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1be1e99cbd5b74a69d3f92200ca87cf1bce852db","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/31dcb9711abd1dcd2080d9fac05c79dd9997d6bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ff461af943efb5e74d09942d5ffee7644d1e1fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/70c9f6ab0d8f785087fb74fb85464a9a5288bfdb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aad70db50ea3d7dfe30e402b889ff075a293b287","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7391a2b854a62235539c68e9cbf6fc7910a8e9a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f8ce8b8331a1bc44ad4905886a482214d428b253","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52914","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.213","lastModified":"2026-07-08T15:12:54.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix fragment reassembly length accounting\n\nbatman-adv keeps a running payload length for queued fragments and uses it\nto validate a fragment chain before reassembly.\n\nThat accounting currently allows the accumulated fragment length to be\ntruncated during updates. As a result, malformed fragment chains can\nbypass the intended validation and drive reassembly with inconsistent\nlength state, leading to a local denial of service.\n\nFix the accounting by storing the accumulated length in a length-typed\nfield and rejecting update overflows before the existing validation logic\nruns.\n\nThe fix was verified against the original reproducer and against valid\nfragment reassembly paths."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/fragmentation.c","net/batman-adv/types.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"37be61825b15534a16ff9cfc9546de155b6df982","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"975563c5de1123dde1ec7946bf5556d20c89d74e","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"f653b040dad1af70fa5cd4fe085e4758925480c9","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"e910dbf509125fe51ad68e4fa74dc8ab0a8e787a","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"3eb8bcb823391bd58997831b3c9c152a4ba8e255","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"9cd3f16c320bfdadd4509358122368deb56a5741","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/fragmentation.c","net/batman-adv/types.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.258","matchCriteriaId":"5719375F-EF0E-4109-B597-92834B5F4367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/37be61825b15534a16ff9cfc9546de155b6df982","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3eb8bcb823391bd58997831b3c9c152a4ba8e255","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/975563c5de1123dde1ec7946bf5556d20c89d74e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9cd3f16c320bfdadd4509358122368deb56a5741","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e4f3f6b818aa6a678bc54a2d4e0bece2303c6a64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e910dbf509125fe51ad68e4fa74dc8ab0a8e787a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f653b040dad1af70fa5cd4fe085e4758925480c9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fdb2c96efb2baeb3725e9ce3ede8f1e36f5490f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52915","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.340","lastModified":"2026-07-08T15:12:50.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ip6t_hbh: reject oversized option lists\n\nstruct ip6t_opts stores at most IP6T_OPTS_OPTSNR option descriptors,\nbut hbh_mt6_check() does not reject larger optsnr values supplied from\nuserspace.\n\nValidate optsnr in the rule setup path so only match data that fits the\nfixed-size opts array can be installed. This follows the existing xtables\npattern of rejecting invalid user-provided counts in checkentry() and\nkeeps the packet matching path unchanged.\n\n`struct ip6t_opts` has a fixed `opts[IP6T_OPTS_OPTSNR]` array,\nwhere `IP6T_OPTS_OPTSNR` is 16, then off-by-one array access is possible:\n\n[  137.924693][ T8692] UBSAN: array-index-out-of-bounds in ../net/ipv6/netfilter/ip6t_hbh.c:110:29\n[  137.926167][ T8692] index 16 is out of range for type '__u16 [16]'"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv6/netfilter/ip6t_hbh.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2d523ba48d4ecc46acfb6aba548292cfcce1ac02","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"588933f1a2ca5ff99274f8c9f25dc3a25d0191c3","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"784aadea7a108c9f90985683caa87fb0198c6a39","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"41ec2e242f1702e8370ddfe14d22b7a766021c3e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"db0250470f023f159094052c0bd5ab026a88ae93","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"57b0ac5e1b46f1f0338dff392ef2092e2871b412","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6feb43c0995ab3a9c826707eb46541a1696fe4f7","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4322dcde6b4173c2d8e8e6118ed290794263bcc8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv6/netfilter/ip6t_hbh.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.258","matchCriteriaId":"E03287AA-1109-4662-85B8-5E824B2EA646"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d523ba48d4ecc46acfb6aba548292cfcce1ac02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/41ec2e242f1702e8370ddfe14d22b7a766021c3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4322dcde6b4173c2d8e8e6118ed290794263bcc8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/57b0ac5e1b46f1f0338dff392ef2092e2871b412","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/588933f1a2ca5ff99274f8c9f25dc3a25d0191c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6feb43c0995ab3a9c826707eb46541a1696fe4f7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/784aadea7a108c9f90985683caa87fb0198c6a39","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db0250470f023f159094052c0bd5ab026a88ae93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52916","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.463","lastModified":"2026-07-08T15:12:46.487","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: frag: disallow unicast fragment in fragment\n\nbatadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a\nBATADV_UNICAST_FRAG packet is received. Once all fragments are collected\nand the packet is reassembled, batadv_recv_frag_packet() calls\nbatadv_batman_skb_recv() again to process the defragmented payload.\n\nA malicious sender can craft a BATADV_UNICAST_FRAG packet whose reassembled\npayload is itself a BATADV_UNICAST_FRAG packet (matryoshka-style nesting).\nEach nesting level recurses through batadv_batman_skb_recv() without bound,\ngrowing the kernel stack until it is exhausted.\n\nSince refragmentation or fragments in fragments are not actually allowed,\ndiscard all packets which are still BATADV_UNICAST_FRAG packets after the\ndefragmentation process."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/fragmentation.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"0c208fa3859e3a33a1c38bebc41d021166e94ac8","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"bcda4814dc6524283c0b958882cb963d75fe411d","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"aea54d0bbe156d5ab7d00d68f66149ff41f4612a","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"b54e459cf86943583c1aa2ee3081874e7ab1f5f3","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"5418be6c2e117bf8a316582795a8e3ff90f45e5d","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"5895ad21c7059a652da83fb817510f7a1e962abf","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"7138c35c9ad39a2fca6264af6b87466471f04ffc","versionType":"git","status":"affected"},{"version":"610bfc6bc99bc83680d190ebc69359a05fc7f605","lessThan":"bc62216dc8e221e3781afa14430f45208bfa9af9","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/fragmentation.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.258","matchCriteriaId":"5719375F-EF0E-4109-B597-92834B5F4367"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0c208fa3859e3a33a1c38bebc41d021166e94ac8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5418be6c2e117bf8a316582795a8e3ff90f45e5d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5895ad21c7059a652da83fb817510f7a1e962abf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7138c35c9ad39a2fca6264af6b87466471f04ffc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aea54d0bbe156d5ab7d00d68f66149ff41f4612a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b54e459cf86943583c1aa2ee3081874e7ab1f5f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc62216dc8e221e3781afa14430f45208bfa9af9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bcda4814dc6524283c0b958882cb963d75fe411d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52917","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.587","lastModified":"2026-07-08T15:12:41.437","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: diag: reject stale associations in dump_one path\n\nThe SCTP exact sock_diag lookup can hold a transport reference, block on\nlock_sock(sk), and then resume after sctp_association_free() has marked\nthe association dead and freed its bind address list.\n\nWhen that happens, inet_assoc_attr_size() and\ninet_diag_msg_sctpasoc_fill() can still dereference association state\nthat is no longer valid for reporting. In particular,\ninet_diag_msg_sctpasoc_fill() may read an empty bind-address list as a\nreal sctp_sockaddr_entry and trigger an out-of-bounds read from\nunrelated association memory.\n\nReject the association after taking the socket lock if it has been\nreaped or detached from the endpoint, and report the lookup as stale.\nThis keeps the exact dump-one path from formatting torn association\nstate."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sctp/diag.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"6657af827e21883ae90693e42e7f59a6aab690b5","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"b2be72d401833194917e44fbd8d8144bb4f2db16","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"5425de8bd6e9fe5bd67d158e3348171ae7510117","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"e97c2a535e23ed0fdd2660993fb3f10d9535c9bc","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"480f754580b5686b928977d16a59f20cef83ff01","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"78c4f964b2f94e405721c093773f6250e1e676b2","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"f5af203dec6e0e7a6090fcc2130e9f3901bfc84d","versionType":"git","status":"affected"},{"version":"8f840e47f190cbe61a96945c13e9551048d42cef","lessThan":"5eba3e48d78edd7551b992cb7ba687019b3a78da","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sctp/diag.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.7","status":"affected"},{"version":"0","lessThan":"4.7","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExcluding":"5.10.259","matchCriteriaId":"3FA30F1C-F514-4A35-83AD-10A879443A42"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/480f754580b5686b928977d16a59f20cef83ff01","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5425de8bd6e9fe5bd67d158e3348171ae7510117","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5eba3e48d78edd7551b992cb7ba687019b3a78da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6657af827e21883ae90693e42e7f59a6aab690b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78c4f964b2f94e405721c093773f6250e1e676b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b2be72d401833194917e44fbd8d8144bb4f2db16","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e97c2a535e23ed0fdd2660993fb3f10d9535c9bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5af203dec6e0e7a6090fcc2130e9f3901bfc84d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52918","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.713","lastModified":"2026-07-08T15:12:36.543","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: serialize accept_q access\n\nbt_sock_poll() walks the accept queue without synchronization, while\nchild teardown can unlink the same socket and drop its last reference.\nThe unsynchronized accept queue walk has existed since the initial\nBluetooth import.\n\nProtect accept_q with a dedicated lock for queue updates and polling.\nAlso rework bt_accept_dequeue() to take temporary child references under\nthe queue lock before dropping it and locking the child socket."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["include/net/bluetooth/bluetooth.h","net/bluetooth/af_bluetooth.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d9ce4de05df2385c19e2c7d12f529144e1a44af1","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"41c8c1c7923e86e0eb59cfb4279349112756a336","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"4ec17782fd186f901a7329605d11048b085b945a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"be43e6b4043113c3b3cf887c3c8350f67140274c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"85f8674cae82053f1e6bab295f6a8422cca14db5","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8b4c412e001b0c670eb937beab491af974da55b3","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"a218bf69eb51fefe59a3976fa8925261141f681c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e83f5e24da741fa9405aeeff00b08c5ee7c37b88","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["include/net/bluetooth/bluetooth.h","net/bluetooth/af_bluetooth.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.259","matchCriteriaId":"1D09A811-8082-4A08-AF10-F1F8501C5596"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/41c8c1c7923e86e0eb59cfb4279349112756a336","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ec17782fd186f901a7329605d11048b085b945a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85f8674cae82053f1e6bab295f6a8422cca14db5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8b4c412e001b0c670eb937beab491af974da55b3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a218bf69eb51fefe59a3976fa8925261141f681c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be43e6b4043113c3b3cf887c3c8350f67140274c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d9ce4de05df2385c19e2c7d12f529144e1a44af1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e83f5e24da741fa9405aeeff00b08c5ee7c37b88","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52919","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.833","lastModified":"2026-07-08T18:02:43.953","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: fix tp_meter counter underflow during shutdown\n\nbatadv_tp_sender_shutdown() unconditionally decrements the \"sending\"\natomic counter. If multiple paths (e.g. timeout, user cancel, and\nnormal finish) call this function, the counter can underflow to -1.\n\nSince the sender logic treats any non-zero value as \"still sending\",\na negative value causes the sender kthread to loop indefinitely.\nThis leads to a use-after-free when the interface is removed while\nthe zombie thread is still active.\n\nFix this by using atomic_xchg() to ensure the counter only transitions\nfrom 1 to 0 once.\n\n[sven: added missing change in batadv_tp_send]"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/tp_meter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"e75e2ab463b5b34df6b98f94d740aff327ce9f6b","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"abae88fa254f2981d39ac003a7b302528a22af64","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"c66d20a3ff095e3f000551d208ec2606616db15c","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"c1bac194733aabd731aafa6a01350c229e187dba","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"01cefc5923889e29dbb5f281c3d457714ceb9c00","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"90ae3eae06b7b8ab9f6250b9497c860915b4c17b","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"aeae11c5dad9cd0d50723890bdd866f8e6db2e7d","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"94f3b133168d1c49895e7cc6afbcf1cc0b354602","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/tp_meter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.258","matchCriteriaId":"1CA35684-7A23-48C2-8A06-2BD61F906C76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/01cefc5923889e29dbb5f281c3d457714ceb9c00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90ae3eae06b7b8ab9f6250b9497c860915b4c17b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94f3b133168d1c49895e7cc6afbcf1cc0b354602","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/abae88fa254f2981d39ac003a7b302528a22af64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aeae11c5dad9cd0d50723890bdd866f8e6db2e7d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c1bac194733aabd731aafa6a01350c229e187dba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c66d20a3ff095e3f000551d208ec2606616db15c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e75e2ab463b5b34df6b98f94d740aff327ce9f6b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52920","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:21.950","lastModified":"2026-07-08T17:58:21.763","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_policy: fix strict mode inbound policy matching\n\nmatch_policy_in() walks sec_path entries from the last transform to the\nfirst one, but strict policy matching needs to consume info->pol[] in\nthe same forward order as the rule layout.\n\nDerive the strict-match policy position from the number of transforms\nalready consumed so that multi-element inbound rules are matched\nconsistently."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/xt_policy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"eb323f7b82d2e2f638de0cc2a177803eb20e0707","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"fc1c518bb1f054831ecabb32da9b8e1dff9699c6","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"f98b7f85e04b40e28b08c461ded0cc79f14f5509","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"82664d0f1ba25e4f9a71994954abae24c60f4067","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"b130a6eefa02bd4d475f2f059da8bcfb3e7d18d9","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"938867e870fb5471bb16f442aeac81326e05bf65","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"392cc1d8408b5665215c1e9290bbf0f92339b043","versionType":"git","status":"affected"},{"version":"c4b885139203d37f76662c37ae645fe8e0f4e4e5","lessThan":"4b2b4d7d4e203c92db8966b163edfacb1f0e1e29","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/xt_policy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.17","status":"affected"},{"version":"0","lessThan":"2.6.17","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.5}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.17","versionEndExcluding":"5.10.258","matchCriteriaId":"412F45FE-23AA-4172-854C-E4F795059C6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/392cc1d8408b5665215c1e9290bbf0f92339b043","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4b2b4d7d4e203c92db8966b163edfacb1f0e1e29","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82664d0f1ba25e4f9a71994954abae24c60f4067","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/938867e870fb5471bb16f442aeac81326e05bf65","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b130a6eefa02bd4d475f2f059da8bcfb3e7d18d9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb323f7b82d2e2f638de0cc2a177803eb20e0707","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f98b7f85e04b40e28b08c461ded0cc79f14f5509","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc1c518bb1f054831ecabb32da9b8e1dff9699c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52921","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.067","lastModified":"2026-07-08T17:52:39.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: stop hash:* range iteration at end\n\nThe following hash set variants:\n\nhash:ip,mark\nhash:ip,port\nhash:ip,port,ip\nhash:ip,port,net\n\niterate IPv4 ranges with a 32-bit iterator.\n\nThe iterator must stop once the last address in the requested range has\nbeen processed. Advancing it once more can move the traversal state past\nthe end of the request, so a later retry may continue from an unintended\nposition.\n\nHandle the iterator increment explicitly at the end of the loop and stop\nonce the upper bound has been processed. This keeps the existing retry\nbehaviour intact for valid ranges while preventing traversal from\ncontinuing past the original boundary."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/ipset/ip_set_hash_ipmark.c","net/netfilter/ipset/ip_set_hash_ipport.c","net/netfilter/ipset/ip_set_hash_ipportip.c","net/netfilter/ipset/ip_set_hash_ipportnet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"be75218fadea22e59c8673db212f29c681bf45bb","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"383418c20e69f5761b6ec5238f599423f4fb77fb","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"0d7b33ace701fe397e6e4de145f32e098178d901","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"c281e018af98df91827d65bec00f4956c00a1b02","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"02f75f041a93ea045834da89cd3234f4c1d749b4","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"952e988163c2ab9939c3db9f0f8e77af6a1bb436","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc","versionType":"git","status":"affected"},{"version":"48596a8ddc46f96afb6a2cd72787cb15d6bb01fc","lessThan":"0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/ipset/ip_set_hash_ipmark.c","net/netfilter/ipset/ip_set_hash_ipport.c","net/netfilter/ipset/ip_set_hash_ipportip.c","net/netfilter/ipset/ip_set_hash_ipportnet.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.14","status":"affected"},{"version":"0","lessThan":"4.14","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.1","versionEndExcluding":"5.10.258","matchCriteriaId":"AB2F738D-6862-490A-9F9A-13DB2A58034C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*","matchCriteriaId":"7875AA30-1F6F-470C-A52D-ECBD6663CEC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:rc5:*:*:*:*:*:*","matchCriteriaId":"4C9B8FA6-754F-42F5-98BC-410AF7DB9F4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:rc6:*:*:*:*:*:*","matchCriteriaId":"EC8F8565-B401-4F3C-B423-51F371DCB908"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:rc7:*:*:*:*:*:*","matchCriteriaId":"C834B5F2-810F-4291-8E1F-1B32635E08F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.14:rc8:*:*:*:*:*:*","matchCriteriaId":"BB4A96BC-72CC-4EF1-916C-9ED7177C196E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/02f75f041a93ea045834da89cd3234f4c1d749b4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0b530efb2cc9dbdddfd49d392e3a857f0d4ce8dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0d3a282ab5f165fc207ff49ea5b6ad8f54616bd6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0d7b33ace701fe397e6e4de145f32e098178d901","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/383418c20e69f5761b6ec5238f599423f4fb77fb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/952e988163c2ab9939c3db9f0f8e77af6a1bb436","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be75218fadea22e59c8673db212f29c681bf45bb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c281e018af98df91827d65bec00f4956c00a1b02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52922","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.187","lastModified":"2026-07-08T17:50:16.050","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: dat: handle forward allocation error\n\nbatadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb\nfor each DHT candidate, but does not check the return value before passing\nit to batadv_send_skb_prepare_unicast_4addr(). That function dereferences\nthe skb unconditionally, so a failed allocation triggers a NULL pointer\ndereference.\n\nSkip forwarding to the current DHT candidate on allocation failure."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/distributed-arp-table.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"9bcebaedfb8479cb4affb23c7a0d000ca9a20e73","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"2edb8aeb3cdda9d00ec4997252dc5bcd6f54d8ef","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"ce0c381199402a2c58f4599f4f6ed100d872d0da","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"866ac1d57040ed0b44ca732e3c66b3aa6b93011c","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"4d420d9ee70a220a2cd95aa0dd2e15acad66a505","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"9cceea8eeba710def2a5707ee00f00c74a9a1cac","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"cf48e75fc4fe0d5cc7721c82d454221d01367b93","versionType":"git","status":"affected"},{"version":"785ea1144182c341b8b85b0f8180291839d176a8","lessThan":"2d8826a2d3657cea66fb0370f9e521575a673871","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/distributed-arp-table.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.258","matchCriteriaId":"1215BB7C-68EA-4A1C-94B1-1D8FABDF881E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2d8826a2d3657cea66fb0370f9e521575a673871","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2edb8aeb3cdda9d00ec4997252dc5bcd6f54d8ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4d420d9ee70a220a2cd95aa0dd2e15acad66a505","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/866ac1d57040ed0b44ca732e3c66b3aa6b93011c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bcebaedfb8479cb4affb23c7a0d000ca9a20e73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9cceea8eeba710def2a5707ee00f00c74a9a1cac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce0c381199402a2c58f4599f4f6ed100d872d0da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf48e75fc4fe0d5cc7721c82d454221d01367b93","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52925","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.563","lastModified":"2026-07-08T15:29:07.590","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nvrf: Fix a potential NPD when removing a port from a VRF\n\nRCU readers that identified a net device as a VRF port using\nnetif_is_l3_slave() assume that a subsequent call to\nnetdev_master_upper_dev_get_rcu() will return a VRF device. They then\ncontinue to dereference its l3mdev operations.\n\nThis assumption is not always correct and can result in a NPD [1]. There\nis no RCU synchronization when removing a port from a VRF, so it is\npossible for an RCU reader to see a new master device (e.g., a bridge)\nthat does not have l3mdev operations.\n\nFix by adding RCU synchronization after clearing the IFF_L3MDEV_SLAVE\nflag. Skip this synchronization when a net device is removed from a VRF\nas part of its deletion and when the VRF device itself is deleted. In\nthe latter case an RCU grace period will pass by the time RTNL is\nreleased.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:l3mdev_fib_table_rcu (net/l3mdev/l3mdev.c:181)\n[...]\nCall Trace:\n<TASK>\nl3mdev_fib_table_by_index (net/l3mdev/l3mdev.c:201 net/l3mdev/l3mdev.c:189)\n__inet_bind (net/ipv4/af_inet.c:499 (discriminator 3))\ninet_bind_sk (net/ipv4/af_inet.c:469)\n__sys_bind (./include/linux/file.h:62 (discriminator 1) ./include/linux/file.h:83 (discriminator 1) net/socket.c:1951 (discriminator 1))\n__x64_sys_bind (net/socket.c:1969 (discriminator 1) net/socket.c:1967 (discriminator 1) net/socket.c:1967 (discriminator 1))\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1))\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/vrf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"2c022f582fd16a470df6ed9e7fb7e9fc48946d49","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"468defa0b70902a22f4478c1207624bc1b31c124","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"3db8d078f7f652379ee394132b169d304f6eb4c1","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"8c2b792f04a3db97c9d8d2a45817e93f8884baf5","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"a7a97f2303e63ede105c1d55ef53dc497364e11d","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"d47204c127992da0c976ac9747070a575912e0fe","versionType":"git","status":"affected"},{"version":"fdeea7be88b12742bfd50d9e19a06c0d2e702400","lessThan":"2674d603a9e6970463b2b9ebcf8e31e90beae169","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/vrf.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"5.10.258","matchCriteriaId":"7FED9066-C252-4AA0-A5D6-7FDDC40E11A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.141","matchCriteriaId":"97A9FFFA-22BB-4D5C-9790-5A2286E392F7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.91","matchCriteriaId":"C918746B-DE6F-448F-A93E-A04C5481688D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.33","matchCriteriaId":"96D99E49-380D-43AB-BDBA-25C3AD018A9C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.10","matchCriteriaId":"A13475D2-59BF-4716-94B5-7C1D239A2CF4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2674d603a9e6970463b2b9ebcf8e31e90beae169","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c022f582fd16a470df6ed9e7fb7e9fc48946d49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3db8d078f7f652379ee394132b169d304f6eb4c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/468defa0b70902a22f4478c1207624bc1b31c124","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4ab6fc60ed5a0344b60711b09bff1dc238d8d6a4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c2b792f04a3db97c9d8d2a45817e93f8884baf5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a7a97f2303e63ede105c1d55ef53dc497364e11d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d47204c127992da0c976ac9747070a575912e0fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52926","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.697","lastModified":"2026-07-08T15:28:58.480","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: clear current gateway during teardown\n\nbatadv_gw_node_free() removes the gateway list entries during mesh teardown,\nbut it does not clear the currently selected gateway. This leaves stale\ngateway state behind across cleanup and can break a later mesh recreation.\n\nClear bat_priv->gw.curr_gw before walking the gateway list so the selected\ngateway reference is dropped as part of teardown."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/gateway_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"a3f3f1ec8aad84c5dd386c430b9c61cddd85b18f","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"e2ec4c712d19141ca7bf7fbbb1d842f73abaa186","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"9a1a8ed4facfe843bde6fdfcf7af0e9923eb2e17","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"6de089b545db013433cf934bb4e4433dec2dd65f","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"30bda3ef4b0cac777f1a7c314cd08b8ff6437365","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"ae7aeb0ce3c0ebbe357ed525779acac197a18086","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"17e3a441111cd1a530cd6ee69a22f3161d80d810","versionType":"git","status":"affected"},{"version":"2265c141086474bbae55a5bb3afa1ebb78ccaa7c","lessThan":"a340a51ed801eab7bb454150c226323b865263cc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/gateway_client.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.258","matchCriteriaId":"B5F925AF-0571-45EB-B3C7-3046B450381F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/17e3a441111cd1a530cd6ee69a22f3161d80d810","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/30bda3ef4b0cac777f1a7c314cd08b8ff6437365","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6de089b545db013433cf934bb4e4433dec2dd65f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a1a8ed4facfe843bde6fdfcf7af0e9923eb2e17","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a340a51ed801eab7bb454150c226323b865263cc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a3f3f1ec8aad84c5dd386c430b9c61cddd85b18f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ae7aeb0ce3c0ebbe357ed525779acac197a18086","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e2ec4c712d19141ca7bf7fbbb1d842f73abaa186","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52927","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.810","lastModified":"2026-07-08T15:28:53.080","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ebtables: fix OOB read in compat_mtw_from_user\n\nLuxiao Xu says:\n\n The function compat_mtw_from_user() converts ebtables extensions from\n 32-bit user structures to kernel native structures. However, it lacks\n proper validation of the user-supplied match_size/target_size.\n\n When certain extensions are processed, the kernel-side translation\n logic may perform memory accesses based on the extension's expected\n size. If the user provides a size smaller than what the extension\n requires, it results in an out-of-bounds read as reported by KASAN.\n\n This fix introduces a check to ensure match_size is at least as large\n as the extension's required compatsize. This covers matches, watchers,\n and targets, while maintaining compatibility with standard targets.\n\nAFAIU this is relevant for matches that need to go though\nmatch->compat_from_user() call.  Those that use plain memcpy with the\nuser-provided size are ok because the caller checks that size vs the\nstart of the next rule entry offset (which itself is checked vs. total\nsize copied from userspace).\n\nThe ->compat_from_user() callbacks assume they can read compatsize bytes,\nso they need this extra check.\n\nBased on an earlier patch from Luxiao Xu."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bridge/netfilter/ebtables.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"d7a8fb6f10d55a1c37b0bf8c20cca24dffd76e00","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"21af4c030567d2e6c89bb927bc18b51fba52a400","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"dad9ebf8107955bb54bd3f9cf22591b6ff37bac1","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"a27cb7325a6c69970041c7f8541fafed5a1ea3ec","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"7ad0e463fc7eafae2141cc38054264636f8b3e94","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"bf8e8eac7ede51dc318e06acef5a896dcbba7595","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"fcc4c043d137e7f1de4673dba1f3116e45377c67","versionType":"git","status":"affected"},{"version":"81e675c227ec60a0bdcbb547dc530ebee23ff931","lessThan":"f438d1786d657d57790c5d138d6db3fc9fdac392","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bridge/netfilter/ebtables.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.34","status":"affected"},{"version":"0","lessThan":"2.6.34","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"5.10.259","matchCriteriaId":"8EFA81C6-11F5-426B-A795-3F05B59387EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.35","matchCriteriaId":"0FCCB23A-7629-4386-93B6-B119237C4382"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/21af4c030567d2e6c89bb927bc18b51fba52a400","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7ad0e463fc7eafae2141cc38054264636f8b3e94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a27cb7325a6c69970041c7f8541fafed5a1ea3ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bf8e8eac7ede51dc318e06acef5a896dcbba7595","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d7a8fb6f10d55a1c37b0bf8c20cca24dffd76e00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dad9ebf8107955bb54bd3f9cf22591b6ff37bac1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f438d1786d657d57790c5d138d6db3fc9fdac392","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fcc4c043d137e7f1de4673dba1f3116e45377c67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52928","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:22.937","lastModified":"2026-07-08T15:28:47.317","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Reject SIOCATMARK on non-stream sockets\n\nSIOCATMARK reports whether the receive queue is at the urgent mark for\nMSG_OOB.\n\nIn AF_UNIX, MSG_OOB is supported only for SOCK_STREAM sockets.\nSOCK_DGRAM and SOCK_SEQPACKET reject MSG_OOB in sendmsg() and recvmsg(),\nso they should not support SIOCATMARK either.\n\nReturn -EOPNOTSUPP for non-stream sockets before checking the receive\nqueue."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"ec123873fdc83e7244c8ed6d17b8f8ea6c416a67","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"f085971de6d6b8ef946a5e0bcd73ff24509a0f85","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"b741c9c6ef59f17c1f104ddf1217ef77f79ed29b","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"645b1ed3259af38b7814242a420bc2081bdd1eb6","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"c34c41446acf6c0d13b5b06c809be11e0f7f2729","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"3147ddf5a41c20c45c2eb69e00b62f10f822056a","versionType":"git","status":"affected"},{"version":"314001f0bf927015e459c9d387d62a231fe93af3","lessThan":"d119775f2bad827edc28071c061fdd4a91f889a5","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/unix/af_unix.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"5.15.211","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.177","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.144","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.88","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.30","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.7","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"5.15.211","matchCriteriaId":"43D10312-92C4-46B5-814B-F619CB272440"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.177","matchCriteriaId":"333C9E30-7FD4-46A2-94EF-C1AA1F3EE28B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.144","matchCriteriaId":"C8AD3BC8-C843-423C-B9DB-CB52F67F578E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.88","matchCriteriaId":"5AFBE0EC-CCDF-4207-AE92-ABF958125CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.30","matchCriteriaId":"BF39AE08-AE6D-4410-8FBE-76F6BF5BF55B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.7","matchCriteriaId":"D0893CA7-9AE6-4DFE-AC75-48967D73AD8E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3147ddf5a41c20c45c2eb69e00b62f10f822056a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/645b1ed3259af38b7814242a420bc2081bdd1eb6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b741c9c6ef59f17c1f104ddf1217ef77f79ed29b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c34c41446acf6c0d13b5b06c809be11e0f7f2729","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d119775f2bad827edc28071c061fdd4a91f889a5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec123873fdc83e7244c8ed6d17b8f8ea6c416a67","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f085971de6d6b8ef946a5e0bcd73ff24509a0f85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52929","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.040","lastModified":"2026-07-08T15:28:40.107","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: stream: fully roll back denied add-stream state\n\nWhen ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and\nthen lowers outcnt. That leaves removed stream metadata behind, so a\nlater re-add can reuse a stale ext and hit a null-pointer dereference in\nthe scheduler get path.\n\nFix the rollback by tearing down the removed stream state the same way\nother stream resizes do. Unschedule the current scheduler state, drop\nthe removed stream ext state with sctp_stream_outq_migrate(), and then\nreschedule the remaining streams.\n\nThis keeps scheduler-private RR/FC/PRIO lists consistent while fully\nrolling back denied outgoing stream additions."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/sctp/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"a6724b7b812ac8793514a1d5938db5d9d29ae725","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"9662eb0401518f0b4681f10e7fbf688f504f24cf","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"7dd9a42b044aad2dbe037db1c1e2943582485b44","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"39dc2b0eb5371a669ebc9ec6072b9184eac95418","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"d5ea0b3e261fcb2cfff142675516165244cab1da","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"1c6773b8c081509dcd5cd2954f2b02c50c00f151","versionType":"git","status":"affected"},{"version":"637784ade221a3c8a7ecd0f583eddd95d6276b9a","lessThan":"a5f8a90ac9f77c678a9781c0a464b635e0d63e49","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/sctp/stream.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.259","matchCriteriaId":"E2E6634B-DED7-40B3-A18B-2140A791419F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0cd2dc6dce8ca47212cd306ccd52eb315ef3cf85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1c6773b8c081509dcd5cd2954f2b02c50c00f151","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/39dc2b0eb5371a669ebc9ec6072b9184eac95418","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7dd9a42b044aad2dbe037db1c1e2943582485b44","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9662eb0401518f0b4681f10e7fbf688f504f24cf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a5f8a90ac9f77c678a9781c0a464b635e0d63e49","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a6724b7b812ac8793514a1d5938db5d9d29ae725","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d5ea0b3e261fcb2cfff142675516165244cab1da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52930","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.157","lastModified":"2026-07-08T15:28:26.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipc/shm: serialize orphan cleanup with shm_nattch updates\n\nshm_destroy_orphaned() walks the shm idr under shm_ids(ns).rwsem, but that\ndoes not serialize all fields tested by shm_may_destroy().  In particular,\nshm_nattch is updated while holding shm_perm.lock, and attach paths can do\nthat without holding the rwsem.\n\nDo not decide that an orphaned segment is unused before taking the object\nlock.  Move the shm_may_destroy() check under shm_perm.lock, matching the\nother destroy paths, and unlock the segment when it no longer qualifies\nfor removal."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["ipc/shm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"b1e9aef48e4d8a0c1b54fb913077b0824ed7d650","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"92cda2593cf2ed25b0e9d78e5e6d8303bba1a064","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"1f0d01e35dbb228084d5187212e32c91a30dcbeb","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"6560be3f6a5bb84f006f184f0c966747bb58e1a3","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"b5107b4ce3ad45fcf369ee2058c8910620f4b5a8","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"db752ebfdaf2c7f27cd9690ef48b616af068319c","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"030bbc857bd51d4b25a90d931d3f8775ef22823a","versionType":"git","status":"affected"},{"version":"4c677e2eefdba9c5bfc4474e2e91b26ae8458a1d","lessThan":"2e5c6f4fd4001562781e99bbfc7f1f0127187542","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["ipc/shm.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.1","status":"affected"},{"version":"0","lessThan":"3.1","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"5.10.259","matchCriteriaId":"F0425231-04DF-4E0A-A7EB-C92DB0EFA805"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/030bbc857bd51d4b25a90d931d3f8775ef22823a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f0d01e35dbb228084d5187212e32c91a30dcbeb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2e5c6f4fd4001562781e99bbfc7f1f0127187542","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6560be3f6a5bb84f006f184f0c966747bb58e1a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/92cda2593cf2ed25b0e9d78e5e6d8303bba1a064","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b1e9aef48e4d8a0c1b54fb913077b0824ed7d650","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5107b4ce3ad45fcf369ee2058c8910620f4b5a8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/db752ebfdaf2c7f27cd9690ef48b616af068319c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52931","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.273","lastModified":"2026-07-08T15:28:16.203","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: tp_meter: avoid use of uninit sender vars\n\nbatadv_tp_recv_ack() and batadv_tp_stop() are only valid for tp_vars in the\nBATADV_TP_SENDER role. When called with a BATADV_TP_RECEIVER role, it\nproceeds to read sender-only members that were never initialized, leading\nto undefined behavior.\n\nThis can be triggered when a node that is currently acting as a receiver in\nan ongoing tp_meter session receives a malicious ACK packet.\n\nGuard against this by checking tp_vars->role immediately after the\nlookup and bailing out if it is not BATADV_TP_SENDER, before any of\nthose members are accessed."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/tp_meter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"0e388af04b3958b178a1b979527f93eb46ea1fee","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"1a21c055f66e78973712a4a1be2a554f1ee2e4f4","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"9884c9c02d3c90e9215db3c5128f59045d20ae91","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"53f931e0146ae5bdab4cba302646827d06b3794b","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"ecdaa3e4d91040206afe21bc8a0d1198a0971ff3","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"dc2ae5fbd2dadc26735092f140b246841d969a11","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"85397e48afe6be83ffca5ad3f4792296bfc81d3d","versionType":"git","status":"affected"},{"version":"33a3bb4a3345bb511f9c69c913da95d4693e2a4e","lessThan":"6c65cf23d4c6170fcf5714c32aa64689718cb142","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/tp_meter.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.258","matchCriteriaId":"1CA35684-7A23-48C2-8A06-2BD61F906C76"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.209","matchCriteriaId":"919C10A9-7951-4A74-BADD-C135A0A8D8B4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0e388af04b3958b178a1b979527f93eb46ea1fee","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1a21c055f66e78973712a4a1be2a554f1ee2e4f4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/53f931e0146ae5bdab4cba302646827d06b3794b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6c65cf23d4c6170fcf5714c32aa64689718cb142","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/85397e48afe6be83ffca5ad3f4792296bfc81d3d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9884c9c02d3c90e9215db3c5128f59045d20ae91","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc2ae5fbd2dadc26735092f140b246841d969a11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecdaa3e4d91040206afe21bc8a0d1198a0971ff3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52932","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.390","lastModified":"2026-07-08T15:28:06.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: ipcomp: Free destination pages on acomp errors\n\nMove the out_free_req label up by a couple of lines so that the\nallocated dst SG list gets freed on error as well as success."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_ipcomp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eb2953d26971f3083bbf95de4bc997b5bedf0b6e","lessThan":"dc6dcba80d72a27ab61831ad3d253316e0c9b9d5","versionType":"git","status":"affected"},{"version":"eb2953d26971f3083bbf95de4bc997b5bedf0b6e","lessThan":"b30aa173c3809f6af4c83a86099be1be19aa48eb","versionType":"git","status":"affected"},{"version":"eb2953d26971f3083bbf95de4bc997b5bedf0b6e","lessThan":"7dbac7680eb629b3b4dc7e98c34f943b8814c0c8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_ipcomp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.35","matchCriteriaId":"264F6745-E680-4AA9-A01E-4F9E3E10F604"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/7dbac7680eb629b3b4dc7e98c34f943b8814c0c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b30aa173c3809f6af4c83a86099be1be19aa48eb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dc6dcba80d72a27ab61831ad3d253316e0c9b9d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52933","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.480","lastModified":"2026-07-08T15:28:00.520","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/poll: fix signed comparison in io_poll_get_ownership()\n\nio_poll_get_ownership() uses a signed comparison to check whether\npoll_refs has reached the threshold for the slowpath:\n\n    if (unlikely(atomic_read(&req->poll_refs) >= IO_POLL_REF_BIAS))\n\natomic_read() returns int (signed). When IO_POLL_CANCEL_FLAG\n(BIT(31)) is set in poll_refs, the value becomes negative in\nsigned arithmetic, so the >= 128 comparison always evaluates to\nfalse and the slowpath is never taken.\n\nFix this by casting the atomic_read() result to unsigned int\nbefore the comparison, so that the cancel flag is treated as a\nlarge positive value and correctly triggers the slowpath."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["io_uring/poll.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"81bf96b0abbfa4cd47ea32e12596aed3855fb2f3","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"cf522703d4f194991615763697ae25a3f9539763","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"fc47043f3d9af3efa407665b47f8378ec691ba18","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"ea0697129807d718037f618221037aa0660ee3c5","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"c6d191164dc81838d8dbf452a6000f68c558d1ae","versionType":"git","status":"affected"},{"version":"a26a35e9019fd70bf3cf647dcfdae87abc7bacea","lessThan":"326941b22806cbf2df1fbfe902b7908b368cce42","versionType":"git","status":"affected"},{"version":"4b702b7d11ce1b9d26fc6d7c5a7ef4ac1d455048","versionType":"git","status":"affected"},{"version":"bc4e6ee16778149811333a969a7a893d4cc110c5","versionType":"git","status":"affected"},{"version":"5.15.82","lessThan":"5.16","versionType":"semver","status":"affected"},{"version":"6.0.11","lessThan":"6.1","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["io_uring/poll.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.1","status":"affected"},{"version":"0","lessThan":"6.1","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.140","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.86","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.82","versionEndExcluding":"5.16","matchCriteriaId":"0CA7F6C7-DF61-4D29-ADBF-C4A79AAA85C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.11","versionEndExcluding":"6.1","matchCriteriaId":"5D80EA67-1B78-4B36-AE0D-92718B28A1C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.1","versionEndExcluding":"6.1.175","matchCriteriaId":"F8A015A3-130B-47F1-899B-AEDD0994D3D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.140","matchCriteriaId":"A1A92866-F406-43B5-B2D1-CFC274753E9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.86","matchCriteriaId":"55DA1C62-9991-451E-B8A8-E0004E00F789"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.27","matchCriteriaId":"A10AC84F-C058-47D5-85B4-E6E51A613B74"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*","matchCriteriaId":"DE093B34-F4CD-4052-8122-730D6537A91A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*","matchCriteriaId":"8535320E-A0DB-4277-800E-D0CE5BBA59E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.1:rc8:*:*:*:*:*:*","matchCriteriaId":"21718AA4-4056-40F2-968E-BDAA465A7872"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/326941b22806cbf2df1fbfe902b7908b368cce42","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/81bf96b0abbfa4cd47ea32e12596aed3855fb2f3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6d191164dc81838d8dbf452a6000f68c558d1ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf522703d4f194991615763697ae25a3f9539763","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea0697129807d718037f618221037aa0660ee3c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fc47043f3d9af3efa407665b47f8378ec691ba18","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52934","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.620","lastModified":"2026-07-08T17:48:48.370","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: tvlv: reject oversized TVLV packets\n\nbatadv_tvlv_container_ogm_append() builds a TVLV packet section from\nthe tvlv.container_list. The total size of this section is computed by\nbatadv_tvlv_container_list_size(), which sums the sizes of all registered\ncontainers.\n\nThe return type and accumulator in batadv_tvlv_container_list_size() were\nu16. If the accumulated size exceeds U16_MAX, the value wraps around,\ncausing the subsequent allocation in batadv_tvlv_container_ogm_append()\nto be undersized. The memcpy-style copy that follows would then write\nbeyond the end of the allocated buffer, corrupting kernel memory.\n\nFix this by widening the return type of batadv_tvlv_container_list_size()\nto size_t. In batadv_tvlv_container_ogm_append(), check the computed length\nagainst U16_MAX before proceeding, and bail out as if the allocation had\nfailed when the limit is exceeded."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/batman-adv/tvlv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"c02aa6c0c9d1bea9bb75dea362b75ad225137bae","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"1595628a2f877d052eda18865ccf539392c47c04","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"6448a49344e87487b61bd88cb850cd694a0f576d","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"13493b00dd1e05a705981e052158652ea23eb482","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"94db72e9dac202e017ee3db22c59d17e4f3bf171","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"ede47988ac5687793745b17c1634a496a2299919","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"94a3d72cd9b21116d7c6d5bdc57c11401fc28557","versionType":"git","status":"affected"},{"version":"ef26157747d42254453f6b3ac2bd8bd3c53339c3","lessThan":"f50487e3566358b2b982b7801945e858c78ad9ab","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/batman-adv/tvlv.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3.13","status":"affected"},{"version":"0","lessThan":"3.13","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.93","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"5.10.259","matchCriteriaId":"2C7BC85C-F836-4342-84E7-0F022765B961"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.93","matchCriteriaId":"1E73413E-0629-41AA-A4D3-5A3D10A0BD63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/13493b00dd1e05a705981e052158652ea23eb482","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1595628a2f877d052eda18865ccf539392c47c04","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6448a49344e87487b61bd88cb850cd694a0f576d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94a3d72cd9b21116d7c6d5bdc57c11401fc28557","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/94db72e9dac202e017ee3db22c59d17e4f3bf171","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c02aa6c0c9d1bea9bb75dea362b75ad225137bae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ede47988ac5687793745b17c1634a496a2299919","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f50487e3566358b2b982b7801945e858c78ad9ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52937","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:23.980","lastModified":"2026-07-08T19:22:42.793","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR\n\nIn the SIOCGIFHWADDR path, tap_ioctl() copies 16 bytes of an\nuninitialised on-stack struct sockaddr_storage to userspace via\nifr_hwaddr, but netif_get_mac_address() only writes sa_family and\ndev->addr_len (6 for Ethernet) bytes, leaving sa_data[6..13] uninitialised.\n\nThose 8 trailing bytes leak kernel stack contents; SIOCGIFHWADDR on a\nmacvtap chardev returns kernel .text and direct-map pointers, defeating\nKASLR.\n\nInitialise ss at declaration."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/tap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3b23a32a63219f51a5298bc55a65ecee866e79d0","lessThan":"719007c3492f0f1f9e9cdbed8ac45ba45bb13eeb","versionType":"git","status":"affected"},{"version":"3b23a32a63219f51a5298bc55a65ecee866e79d0","lessThan":"05305e832be7b9d65b2b72caacf7d850b3942b2a","versionType":"git","status":"affected"},{"version":"3b23a32a63219f51a5298bc55a65ecee866e79d0","lessThan":"bddc09212c24934643bd44fc794748d2bbb3b6cd","versionType":"git","status":"affected"},{"version":"176188cff67ec1aa55103647b61d02315cc38e98","versionType":"git","status":"affected"},{"version":"1fc205d9e400f069ebf30d3faa6ec2bab2cbd7b4","versionType":"git","status":"affected"},{"version":"4d0ae760c02c98fc78b78d3a0509896bc648ad1c","versionType":"git","status":"affected"},{"version":"5.4.103","lessThan":"5.5","versionType":"semver","status":"affected"},{"version":"5.10.21","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"5.11.4","lessThan":"5.12","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/tap.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.12","status":"affected"},{"version":"0","lessThan":"5.12","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.103","versionEndExcluding":"5.5","matchCriteriaId":"77F47A48-724C-4A8A-BE16-F2C832EECA05"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.21","versionEndExcluding":"5.11","matchCriteriaId":"FA8451E2-8B08-45A9-AEC4-3F6C9C651E35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11.4","versionEndExcluding":"6.18.34","matchCriteriaId":"0B6E32E7-34D9-4D94-B9F6-8D3A2D90FF06"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05305e832be7b9d65b2b72caacf7d850b3942b2a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/719007c3492f0f1f9e9cdbed8ac45ba45bb13eeb","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bddc09212c24934643bd44fc794748d2bbb3b6cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52938","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:24.073","lastModified":"2026-07-08T19:19:19.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths\n\nbpf_selem_unlink_nofail() sets SDATA(selem)->smap to NULL before\nremoving the selem from the storage hlist. A concurrent RCU reader in\nbpf_sk_storage_clone() can observe the selem still on the list with\nsmap already NULL, causing a NULL pointer dereference.\n\n general protection fault, probably for non-canonical address 0xdffffc000000000a:\n KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]\n RIP: 0010:bpf_sk_storage_clone+0x1cd/0xaa0 net/core/bpf_sk_storage.c:174\n Call Trace:\n  <IRQ>\n  sk_clone+0xfed/0x1980 net/core/sock.c:2591\n  inet_csk_clone_lock+0x30/0x760 net/ipv4/inet_connection_sock.c:1222\n  tcp_create_openreq_child+0x35/0x2680 net/ipv4/tcp_minisocks.c:571\n  tcp_v4_syn_recv_sock+0x123/0xf90 net/ipv4/tcp_ipv4.c:1729\n  tcp_check_req+0x8e1/0x2580 include/net/tcp.h:855\n  tcp_v4_rcv+0x1845/0x3b80 net/ipv4/tcp_ipv4.c:2347\n\nAdd a NULL check for smap in bpf_sk_storage_clone().\n\nbpf_sk_storage_diag_put_all() has the same issue. Add a NULL check\nand pass the validated smap directly to diag_get(), which is refactored\nto take smap as a parameter instead of reading it internally.\n\nbpf_sk_storage_diag_put() uses diag->maps[i] which is always valid\nunder its refcount, so diag->maps[i] is passed directly to diag_get()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/bpf_sk_storage.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5d800f87d0a5ea1b156c47a4b9fd128479335153","lessThan":"16af24fea29c209dea53595c99f6da9398548e1b","versionType":"git","status":"affected"},{"version":"5d800f87d0a5ea1b156c47a4b9fd128479335153","lessThan":"375e4e33c18dfa05c5dfd5f3dfffeb29343dd4c7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/bpf_sk_storage.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7.0","status":"affected"},{"version":"0","lessThan":"7.0","versionType":"semver","status":"unaffected"},{"version":"7.0.14","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndExcluding":"7.0.14","matchCriteriaId":"14E4FCA7-41D5-49FE-BAC9-92AC6CD1E220"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/16af24fea29c209dea53595c99f6da9398548e1b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/375e4e33c18dfa05c5dfd5f3dfffeb29343dd4c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52939","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:24.160","lastModified":"2026-07-08T19:14:19.547","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix NULL deref in rds_ib_send_cqe_handler() on masked atomic completion\n\nrds_ib_xmit_atomic() always programs a masked atomic opcode\n(IB_WR_MASKED_ATOMIC_CMP_AND_SWP or IB_WR_MASKED_ATOMIC_FETCH_AND_ADD)\nfor every RDS atomic cmsg.  But the completion-side switch in\nrds_ib_send_unmap_op() only handles the non-masked opcodes, so a masked\natomic completion falls through to default and returns rm == NULL while\nsend->s_op is left set.  rds_ib_send_cqe_handler() then dereferences the\nNULL rm via rm->m_final_op, oopsing in softirq context.  An unprivileged\nAF_RDS sendmsg() of an atomic cmsg over an active RDS/IB connection\ntriggers it; on hardware that natively accepts masked atomics (mlx4,\nmlx5) no extra setup is needed.\n\n  RDS/IB: rds_ib_send_unmap_op: unexpected opcode 0xd in WR!\n  Oops: general protection fault [#1] SMP KASAN\n  KASAN: null-ptr-deref in range [0x0000000000000190-0x0000000000000197]\n  RIP: rds_ib_send_cqe_handler+0x25c/0xb10 (net/rds/ib_send.c:282)\n  Call Trace:\n   <IRQ>\n   rds_ib_send_cqe_handler (net/rds/ib_send.c:282)\n   poll_scq (net/rds/ib_cm.c:274)\n   rds_ib_tasklet_fn_send (net/rds/ib_cm.c:294)\n   tasklet_action_common (kernel/softirq.c:943)\n   handle_softirqs (kernel/softirq.c:573)\n   run_ksoftirqd (kernel/softirq.c:479)\n   </IRQ>\n  Kernel panic - not syncing: Fatal exception in interrupt\n\nHandle the masked atomic opcodes in the same case as the non-masked\nones: they map to the same struct rds_message.atomic union member, so\nthe existing container_of()/rds_ib_send_unmap_atomic() body is correct\nfor them."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/rds/ib_send.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"a0148342badd8c9b2e46551766a27cb76c82e715","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"4dd262f875e87653df50b138de1390ab0628e6b7","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"6e4615164d185a26badb2f376a2449f4d174a5f0","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"0f22412a2f4fbbe0251c132abee045d15a90e5b6","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"0f7baa82a24813cdad0b06a6f8f07e4824af5ed5","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"dcf458120add64c96a6ef5cf719340453f6e6abf","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"4fd34669558085bcb589aa2078a13b0ca79e360d","versionType":"git","status":"affected"},{"version":"20c72bd5f5f902e5a8745d51573699605bf8d21c","lessThan":"34080db3e70ddf94c38512ad2331e3c3afca6cc1","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/rds/ib_send.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.37","status":"affected"},{"version":"0","lessThan":"2.6.37","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.37","versionEndExcluding":"5.10.259","matchCriteriaId":"FDF693F3-8226-4C51-AFC4-6ABB2C88B2E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f22412a2f4fbbe0251c132abee045d15a90e5b6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0f7baa82a24813cdad0b06a6f8f07e4824af5ed5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/34080db3e70ddf94c38512ad2331e3c3afca6cc1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4dd262f875e87653df50b138de1390ab0628e6b7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4fd34669558085bcb589aa2078a13b0ca79e360d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6e4615164d185a26badb2f376a2449f4d174a5f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a0148342badd8c9b2e46551766a27cb76c82e715","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/dcf458120add64c96a6ef5cf719340453f6e6abf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52940","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:24.287","lastModified":"2026-07-08T19:12:57.360","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntun: zero the whole vnet header in tun_put_user()\n\ntun_put_user() declares an on-stack struct virtio_net_hdr_v1_hash_tunnel\nwithout zeroing it. For a non-tunnel skb, virtio_net_hdr_tnl_from_skb()\nonly initializes the first 10 bytes (sizeof(struct virtio_net_hdr)),\nleaving bytes 10..23 (num_buffers and the hash/tunnel fields) as stack\ngarbage.\n\nAn unprivileged user can set the vnet header size to 24 with\nTUNSETVNETHDRSZ, so __tun_vnet_hdr_put() copies all 24 bytes of the\npartially-initialized struct to userspace, leaking 14 bytes of kernel\nstack on every read of a non-tunnel packet.\n\nFix it the same way tun_get_user() already does by zeroing the whole\nheader right after declaration."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/tun.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"288f30435132d2f9e7a29ec9b9745a4f9dc7fd37","lessThan":"5fd1fa5a4254bfdd70571c77f5e3bcb4e43738d5","versionType":"git","status":"affected"},{"version":"288f30435132d2f9e7a29ec9b9745a4f9dc7fd37","lessThan":"585cb85e9a29185be05f326369573c2663cf4380","versionType":"git","status":"affected"},{"version":"288f30435132d2f9e7a29ec9b9745a4f9dc7fd37","lessThan":"7f2fcff15e99bb852f6967396ed12b38376e2c8d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/tun.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.36","matchCriteriaId":"43D90067-1014-46EC-861E-3BAF5F823B65"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/585cb85e9a29185be05f326369573c2663cf4380","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5fd1fa5a4254bfdd70571c77f5e3bcb4e43738d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f2fcff15e99bb852f6967396ed12b38376e2c8d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52941","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:24.380","lastModified":"2026-07-08T19:10:24.267","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint\n\nThe smc_msg_event tracepoint class, shared by smc_tx_sendmsg and\nsmc_rx_recvmsg, unconditionally dereferences smc->conn.lnk:\n\n\t__string(name, smc->conn.lnk->ibname)\n\nconn->lnk is only set for SMC-R; for SMC-D it is NULL. Other code on\nthese paths already handles this (e.g. !conn->lnk in\nSMC_STAT_RMB_TX_SIZE_SMALL()). With the tracepoint enabled, the first\nsendmsg()/recvmsg() on an SMC-D socket crashes:\n\n  Oops: general protection fault, probably for non-canonical address\n  KASAN: null-ptr-deref in range [...]\n  RIP: 0010:strlen+0x1e/0xa0\n  Call Trace:\n   trace_event_raw_event_smc_msg_event (net/smc/smc_tracepoint.h:44)\n   smc_rx_recvmsg (net/smc/smc_rx.c:515)\n   smc_recvmsg (net/smc/af_smc.c:2859)\n   __sys_recvfrom (net/socket.c:2315)\n   __x64_sys_recvfrom (net/socket.c:2326)\n   do_syscall_64\n\nThe faulting address 0x3e0 is offsetof(struct smc_link, ibname),\nconfirming the NULL ->lnk deref. Enabling the tracepoint requires\nroot, but the trigger itself is unprivileged: socket(AF_SMC, ...) has\nno capability check, and SMC-D negotiation needs no admin step on\ns390 or on x86 with the loopback ISM device loaded.\n\nLog an empty device name for SMC-D instead of dereferencing NULL."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/smc/smc_tracepoint.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"68200112534bb2acd1d7117dc2d5c124868d866d","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"720c76b930c52cd58f50eb6b10569d03dccc7959","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"d2ea0b8aef8746e147602eac87ca8538f4bc7e66","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f","versionType":"git","status":"affected"},{"version":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","lessThan":"7bf563badd37cb796df5477d2b78bb64148a1268","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/smc/smc_tracepoint.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.16","status":"affected"},{"version":"0","lessThan":"5.16","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.142","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.92","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.34","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.11","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.175","matchCriteriaId":"92385813-D91D-480D-83A1-F423D2CBB2BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.142","matchCriteriaId":"FBFF77B0-526A-4AF1-84D0-ED7187624A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.92","matchCriteriaId":"9CB90BD9-95B7-4D7F-9F17-4ECE6CFB66C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.34","matchCriteriaId":"A4B1EF6D-18D7-4838-BC37-7499D5DCC3C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.11","matchCriteriaId":"0520D091-FC52-4A50-AF07-70AE7D08B750"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/68200112534bb2acd1d7117dc2d5c124868d866d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/720c76b930c52cd58f50eb6b10569d03dccc7959","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7bf563badd37cb796df5477d2b78bb64148a1268","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d2ea0b8aef8746e147602eac87ca8538f4bc7e66","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52942","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T08:16:24.490","lastModified":"2026-07-08T19:08:21.873","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_log: validate MAC header was set before dumping it\n\nThe fallback path of dump_mac_header() guards the MAC header access\nonly with \"skb->mac_header != skb->network_header\", without checking\nskb_mac_header_was_set(). When the MAC header is unset, mac_header is\n0xffff, so the test passes and skb_mac_header(skb) returns\nskb->head + 0xffff, ~64 KiB past the buffer; the loop then reads\ndev->hard_header_len bytes out of bounds into the kernel log.\n\nThis is reachable via the netdev logger: nf_log_unknown_packet() calls\ndump_mac_header() unconditionally, and an skb sent through AF_PACKET\nwith PACKET_QDISC_BYPASS reaches the egress hook with mac_header still\nunset (__dev_queue_xmit(), which would reset it, is bypassed).\n\nAdd the skb_mac_header_was_set() check the ARPHRD_ETHER path already\nuses, and replace the open-coded MAC header length test with\nskb_mac_header_len(). Only skbs with an unset MAC header are affected;\nvalid ones are dumped as before.\n\n BUG: KASAN: slab-out-of-bounds in dump_mac_header (net/netfilter/nf_log_syslog.c:831)\n Read of size 1 at addr ffff88800ea49d3f by task exploit/148\n Call Trace:\n  kasan_report (mm/kasan/report.c:595)\n  dump_mac_header (net/netfilter/nf_log_syslog.c:831)\n  nf_log_netdev_packet (net/netfilter/nf_log_syslog.c:938 net/netfilter/nf_log_syslog.c:963)\n  nf_log_packet (net/netfilter/nf_log.c:260)\n  nft_log_eval (net/netfilter/nft_log.c:60)\n  nft_do_chain (net/netfilter/nf_tables_core.c:285)\n  nft_do_chain_netdev (net/netfilter/nft_chain_filter.c:307)\n  nf_hook_slow (net/netfilter/core.c:619)\n  nf_hook_direct_egress (net/packet/af_packet.c:257)\n  packet_xmit (net/packet/af_packet.c:280)\n  packet_sendmsg (net/packet/af_packet.c:3114)\n  __sys_sendto (net/socket.c:2265)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netfilter/nf_log_syslog.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"d704ee9c7bc68a161684c51a7ac05b446dcf38d4","versionType":"git","status":"affected"},{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"befb8968a2abdfa948d5600ea7f7a509a292a590","versionType":"git","status":"affected"},{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"8a81e336da685423f5b64aac4d571e63d674c52a","versionType":"git","status":"affected"},{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"c38d41134085193efd5b237cf513ad5b3421a60d","versionType":"git","status":"affected"},{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"af1b7699466f6556b351fa25d3dc870abfb5d310","versionType":"git","status":"affected"},{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"65ef7397eb9a296e91839f5fd10be96f23d332e7","versionType":"git","status":"affected"},{"version":"7eb9282cd0efac08b8377cbd5037ba297c77e3f7","lessThan":"a84b6fedbc97078788be78dbdd7517d143ad1a77","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netfilter/nf_log_syslog.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.36","status":"affected"},{"version":"0","lessThan":"2.6.36","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.36","versionEndExcluding":"5.15.210","matchCriteriaId":"6F1B61BC-E6AC-449C-B36A-46449DF524A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/65ef7397eb9a296e91839f5fd10be96f23d332e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8a81e336da685423f5b64aac4d571e63d674c52a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a84b6fedbc97078788be78dbdd7517d143ad1a77","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/af1b7699466f6556b351fa25d3dc870abfb5d310","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/befb8968a2abdfa948d5600ea7f7a509a292a590","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c38d41134085193efd5b237cf513ad5b3421a60d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d704ee9c7bc68a161684c51a7ac05b446dcf38d4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-52944","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T10:17:19.447","lastModified":"2026-07-08T19:03:29.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE\n\nFSCTL_SET_SPARSE in fsctl_set_sparse() modifies the file's sparse\nattribute and saves it through xattr without any permission checks.\n\nThis exposes two issues:\n\n1) A client on a read-only share can change the sparse attribute\n   on files it opened, even though the share is read-only.\n   Other FSCTL write operations already check\n   test_tree_conn_flag(work->tcon, KSMBD_TREE_CONN_FLAG_WRITABLE),\n   but FSCTL_SET_SPARSE does not.\n\n2) Even on writable shares, clients without FILE_WRITE_DATA or\n   FILE_WRITE_ATTRIBUTES access should not modify the sparse\n   attribute. Similar handle-level checks exist in other functions\n   but are missing here.\n\nAdd both share-level writable check and per-handle access check.\nUse goto out on error to avoid leaking file references."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/smb/server/smb2pdu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"3127a884525dc8ca4def73254bfcd3ccef0bf812","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"de9eb0b44fa9123170e6245b49638e0e453c10f8","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"aef151bcfa494bfe983669de2726734b534adb73","versionType":"git","status":"affected"},{"version":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","lessThan":"cc57232cae23c0df91b4a59d0f519141ce9b5b02","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/smb/server/smb2pdu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.18.35","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.12","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.6.143","matchCriteriaId":"3CEFB6A8-22D7-4D35-832D-007ECEE72942"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.18.35","matchCriteriaId":"78991494-12C9-4A28-BB46-23FB277E185A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.12","matchCriteriaId":"9161A938-0FA8-44BC-95FE-C5A271601AB3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3127a884525dc8ca4def73254bfcd3ccef0bf812","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/aef151bcfa494bfe983669de2726734b534adb73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc57232cae23c0df91b4a59d0f519141ce9b5b02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/de9eb0b44fa9123170e6245b49638e0e453c10f8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53071","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:20.843","lastModified":"2026-07-08T13:16:53.650","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp\n\nl2cap_ecred_reconf_rsp() calls l2cap_chan_del() without holding\nl2cap_chan_lock(). Every other l2cap_chan_del() caller in the file\nacquires the lock first. A remote BLE device can send a crafted\nL2CAP ECRED reconfiguration response to corrupt the channel list\nwhile another thread is iterating it.\n\nAdd l2cap_chan_hold() and l2cap_chan_lock() before l2cap_chan_del(),\nand l2cap_chan_unlock() and l2cap_chan_put() after, matching the\npattern used in l2cap_ecred_conn_rsp() and l2cap_conn_del()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/l2cap_core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"96dca51715d86559ed6ed8028e5445cecb80f3ae","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"330b20ec97916961ee0e6c29c06bc0fa7c96e64c","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"0ccd75c51f620374086f359e906917676e699a1c","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"77a853aec710b2fdf41fa298ea3cbc9a4358f917","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"fe1188abdae9b7a8199dcdfcf9244d5e5d61eb14","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"dc89961b76f12aff47124c1df4bdb32a080f4d0c","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"5501d055a1ce3c747141e3955ba8cf034d193f3e","versionType":"git","status":"affected"},{"version":"15f02b91056253e8cdc592888f431da0731337b8","lessThan":"42776497cdbc9a665b384a6dcb85f0d4bd927eab","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/l2cap_core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.7","status":"affected"},{"version":"0","lessThan":"5.7","versionType":"semver","status":"unaffected"},{"version":"5.10.258","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.209","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.175","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.141","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.91","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}]},"weaknesses":[{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ccd75c51f620374086f359e906917676e699a1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/330b20ec97916961ee0e6c29c06bc0fa7c96e64c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/42776497cdbc9a665b384a6dcb85f0d4bd927eab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/5501d055a1ce3c747141e3955ba8cf034d193f3e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/77a853aec710b2fdf41fa298ea3cbc9a4358f917","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/96dca51715d86559ed6ed8028e5445cecb80f3ae","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/dc89961b76f12aff47124c1df4bdb32a080f4d0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/fe1188abdae9b7a8199dcdfcf9244d5e5d61eb14","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://access.redhat.com/security/cve/CVE-2026-53071","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492458","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53071.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c"}]}},{"cve":{"id":"CVE-2026-53143","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.607","lastModified":"2026-07-08T14:43:56.283","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11\n\nThe v11 MQD manager incorrectly assigned the CP-compute variants of\ncheckpoint_mqd/restore_mqd for KFD_MQD_TYPE_SDMA queues. These functions\nuse sizeof(struct v11_compute_mqd) (2048 bytes) instead of sizeof(struct\nv11_sdma_mqd) (512 bytes), causing a 1536-byte overflow.\n\nDuring CRIU checkpoint of an SDMA queue on Navi3x:\n- checkpoint_mqd() reads 2048 bytes from a 512-byte SDMA MQD buffer,\n  leaking 1536 bytes of adjacent GTT memory to userspace\n\nDuring CRIU restore:\n- restore_mqd() writes 2048 bytes into a 512-byte SDMA MQD buffer,\n  corrupting 1536 bytes of adjacent GTT memory (often the ring buffer\n  or neighboring MQDs)\n\nThis is a copy-paste regression unique to v11. All other ASIC backends\n(cik, vi, v9, v10, v12) correctly use the SDMA-specific variants.\n\nAdd checkpoint_mqd_sdma() and restore_mqd_sdma() functions that properly\nhandle the smaller v11_sdma_mqd structure, matching the pattern used in\nother MQD managers.\n\n(cherry picked from commit 6fa41db7ffdec97d62433adf03b7b9b759af8c2c)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"16dad1fb0d783a4008de30e32d0038c393de05b1","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"2c5b66c9b4057b385566940935ebc32f6e6ebfd2","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"d3efcadfe3eea5b4263b8f2d4463b15c9fc46a64","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"d02f05d30f35b036f7cbaf72de634affb5b38ec6","versionType":"git","status":"affected"},{"version":"cc009e613de6560eb499f8bc92c80a737752cb30","lessThan":"352ea59028ea48a6fff77f19ae28f98f71946a80","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v11.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.19","status":"affected"},{"version":"0","lessThan":"5.19","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-131"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"6.6.143","matchCriteriaId":"83122EE5-06E7-4996-8D74-0522071B474D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/16dad1fb0d783a4008de30e32d0038c393de05b1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2c5b66c9b4057b385566940935ebc32f6e6ebfd2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/352ea59028ea48a6fff77f19ae28f98f71946a80","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d02f05d30f35b036f7cbaf72de634affb5b38ec6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d3efcadfe3eea5b4263b8f2d4463b15c9fc46a64","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53143","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492719","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53143.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53145","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:31.810","lastModified":"2026-07-08T14:57:03.593","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gem: Try to fix change_handle ioctl, attempt 4\n\n[airlied: just added some comments on how to reenable]\nOn-list because the cat is out of the bag and we're clearly not good\nenough to figure this out in private. The story thus far:\n\n5e28b7b94408 (\"drm: Set old handle to NULL before prime swap in\nchange_handle\") tried to fix a race condition between the gem_close and\ngem_change_handle ioctls, but got a few things wrong:\n\n- There's a confusion with the local variable handle, which is actually\n  the new handle, and so the two-stage trick was actually applied to the\n  wrong idr slot. 7164d78559b0 (\"drm/gem: fix race between\n  change_handle and handle_delete\") tried to fix that by adding yet\n  another code block, but forgot to add the error handling. Which meant\n  we now have two paths, both kinda wrong.\n\n- dc366607c41c (\"drm: Replace old pointer to new idr\") tried to apply\n  another fix, but inconsistently, again because of the handle confusion\n  - this would be the right fix (kinda, somewhat, it's a mess) if we'd\n  do the two-stage approach for the new handle. Except that wasn't the\n  intent of the original fix.\n\nWe also didn't have an igt merged for the original ioctl, which is a big\nno-go. This was attempted to address off-list in the original bugfix,\nand amd QA people claimed the bug was fixed now. Very clearly that's not\nthe case. Here's my attempt to sort this out:\n\n- Rename the local variable to new_handle, the old aliasing with\n  args->handle is just too dangerously confusing.\n\n- Merge the gem obj lookup with the two-stage idr_replace so that we\n  avoid getting ourselves confused there.\n\n- This means we don't have a surplus temporary reference anymore, only\n  an inherited from the idr. A concurrent gem_close on the new_handle\n  could steal that. Fix that with the same two-stage approach\n  create_tail uses. This is a bit overkill as documented in the comment,\n  but I also don't trust my ability to understand this all correctly, so\n  go with the established pattern we have from other ioctls instead for\n  maximum paranoia.\n\n- Adjust error paths. I've tried to make the error and success paths\n  common, because they are identical except for which handle is removed\n  and on which we call idr_replace to (re)install the object again. But\n  that made things messier to read, so I've left it at the more verbose\n  version, which unfortunately hides the symmetry in the entire code\n  flow a bit.\n\n- While at it, also replace the 7 space indent with 1 tab.\n\nAnd finally, because I flat out don't trust my abilities here at all\nanymore:\n\n- Disable the ioctl until we have the igt situation and everything else\n  sorted out on-list and with full consensus.\n\nv2:\n\nSashiko noticed that I didn't handle the error path for idr_replace\ncorrectly, it must be checked with IS_ERR_OR_NULL like in\ngem_handle_delete. So yeah, definitely should just the existing paths\n1:1 because this is endless amounts of tricky.\n\nAlso add the Fixes: line for the original ioctl, I forgot that too."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/drm_gem.c","drivers/gpu/drm/drm_ioctl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"672464dd53231509c9c771110798c56d4660e19e","lessThan":"c0639ede2f24ac224b2079cd35ecd5fd8ad4e3cd","versionType":"git","status":"affected"},{"version":"61bd96d3e5472c253f9c1ab77608f0c8aaa9d025","lessThan":"1d9b93df7fc768228906e24220591ec1cddad391","versionType":"git","status":"affected"},{"version":"5e28b7b94408897e41c63477aabc9e1db439bc8c","lessThan":"1a4f03d22fb655e5f192244fb2c87d8066fcfca2","versionType":"git","status":"affected"},{"version":"318b995cffcfcaa69a234d28123a3f4ae186a9df","versionType":"git","status":"affected"},{"version":"38f12d0e10d83b66fa1466400d876a3a8da31542","versionType":"git","status":"affected"},{"version":"0dfa42cfe4dbe114533480503934f43e33c1e83d","versionType":"git","status":"affected"},{"version":"cde2c9257cbe8463b9dcf7b1075177b72b5fd938","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpu/drm/drm_gem.c","drivers/gpu/drm/drm_ioctl.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.18.32","lessThan":"6.18.36","versionType":"semver","status":"affected"},{"version":"7.0.9","lessThan":"7.0.13","versionType":"semver","status":"affected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.32","versionEndExcluding":"6.18.36","matchCriteriaId":"31CD171B-DFD5-4D12-B633-B42F02ACBD80"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.9","versionEndExcluding":"7.0.13","matchCriteriaId":"322D0AF5-A8BD-4FEE-82F7-1CCC7E7693B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F4CFF558-3C47-480D-A2F0-BABF26042943"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1a4f03d22fb655e5f192244fb2c87d8066fcfca2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1d9b93df7fc768228906e24220591ec1cddad391","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c0639ede2f24ac224b2079cd35ecd5fd8ad4e3cd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53145","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492773","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53145.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53148","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:32.140","lastModified":"2026-07-08T14:41:01.103","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Clamp XDomain response data copy to allocation size\n\ntb_xdp_properties_request() derives the per-packet copy length from\nthe response header without checking that it fits in the previously\nallocated data buffer.  A malicious peer can set its length field\nlarger than the declared data_length, causing memcpy to write past\nthe kcalloc allocation.\n\nClamp the per-packet copy length so that the cumulative offset\nnever exceeds data_len."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/thunderbolt/xdomain.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"0b334279a82d79fb4723bd4f614305de1ab69caa","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"6021d39ccd979713b39b980286020d8f9a45efd1","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"89ae04365e01d5ae4aae83044a8bbd2a9aaf8d0d","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"5db10c8ad8c09f72c847dfeef3d876098257f505","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"05a43157676c243c248d1c6d9dcecbe6eba2f35d","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"fcbd0cdab92838854a5818be7ed8a097164ef6d5","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"906035d5c3784570191d259cbf9a0ac1617852b5","versionType":"git","status":"affected"},{"version":"cdae7c07e3e3509eaabc18c1640a55dc5b99c179","lessThan":"322e93448d908434ae5545660fcbe8f5a7a8e141","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/thunderbolt/xdomain.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.15","status":"affected"},{"version":"0","lessThan":"4.15","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"5.10.259","matchCriteriaId":"E2E6634B-DED7-40B3-A18B-2140A791419F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/05a43157676c243c248d1c6d9dcecbe6eba2f35d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0b334279a82d79fb4723bd4f614305de1ab69caa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/322e93448d908434ae5545660fcbe8f5a7a8e141","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5db10c8ad8c09f72c847dfeef3d876098257f505","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6021d39ccd979713b39b980286020d8f9a45efd1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/89ae04365e01d5ae4aae83044a8bbd2a9aaf8d0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/906035d5c3784570191d259cbf9a0ac1617852b5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fcbd0cdab92838854a5818be7ed8a097164ef6d5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53148","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492756","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53148.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53153","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:32.680","lastModified":"2026-07-08T13:51:05.307","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/list_lru: drain before clearing xarray entry on reparent\n\nmemcg_reparent_list_lrus() clears the dying memcg's xarray entry with\nxas_store(&xas, NULL) before reparenting its per-node lists into the\nparent.  This opens a window where a concurrent list_lru_del() arriving\nfor the dying memcg sees xa_load() == NULL, walks to the parent in\nlock_list_lru_of_memcg(), takes the parent's per-node lock, and calls\nlist_del_init() on an item still physically linked on the dying memcg's\nlist.\n\nIf another in-flight thread holds the dying memcg's per-node lock at the\nsame moment (another list_lru_del, or a list_lru_walk_one running an\nisolate callback), both threads modify ->next/->prev pointers on the same\nphysical list under different locks.  Adjacent items can corrupt each\nother's links.\n\nFix it by reversing the order: reparent each per-node list and mark the\nchild's list lru dead and then clear the xarray entry.  Any concurrent\nlist_lru op that finds the still-set xarray entry either takes the dying\nmemcg's per-node lock (synchronizing with the drain) or sees LONG_MIN and\nwalks to the parent, where the items now live."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/list_lru.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fb56fdf8b9a2f7397f8a83dce50189f3f0cf71af","lessThan":"c19ff4351214f059349788e13e70e74325831ff6","versionType":"git","status":"affected"},{"version":"fb56fdf8b9a2f7397f8a83dce50189f3f0cf71af","lessThan":"2b66496d794e98f7aeec7688573051f22ec40bac","versionType":"git","status":"affected"},{"version":"fb56fdf8b9a2f7397f8a83dce50189f3f0cf71af","lessThan":"98733f3f0becb1ae0701d021c1748e974e5fa55c","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/list_lru.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","description":[{"lang":"en","value":"CWE-820"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2b66496d794e98f7aeec7688573051f22ec40bac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/98733f3f0becb1ae0701d021c1748e974e5fa55c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c19ff4351214f059349788e13e70e74325831ff6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-53153","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2492790","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53153.json","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-53234","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.293","lastModified":"2026-07-08T19:02:06.450","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ibm: emac: Fix use-after-free during device removal\n\nThe driver was using devm_register_netdev() which causes unregister_netdev()\nto be deferred until the devres cleanup phase, which runs after emac_remove()\nreturns. This creates a use-after-free window where:\n\n1. emac_remove() is called, which tears down hardware (cancels work, detaches\n   modules, unregisters from MAL)\n2. emac_remove() returns\n3. devres cleanup runs and finally calls unregister_netdev()\n\nDuring step 3, the network stack might still process packets, triggering\nemac_irq(), emac_poll(), or other handlers that access now-freed hardware\nresources (dev->emacp, dev->mal, etc.).\n\nFix this by replacing devm_register_netdev() with manual register_netdev()\nand calling unregister_netdev() at the beginning of emac_remove(), before\nany hardware teardown. This ensures the network device is fully stopped and\nunregistered before hardware resources are released.\n\nThe change is safe because:\n- dev->ndev is assigned very early in probe (before any error paths that\n  could bypass emac_remove)\n- platform_set_drvdata() is only called after successful registration, so\n  emac_remove() only runs for fully registered devices\n- unregister_netdev() is idempotent and safe to call on any registered device"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/net/ethernet/ibm/emac/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"a4dd8535a527061a01f2fd335596fa77ca240a96","lessThan":"cf8e14db93eaecc4c0c58299be3b3183b0e53ed5","versionType":"git","status":"affected"},{"version":"a4dd8535a527061a01f2fd335596fa77ca240a96","lessThan":"c09c2e236eef6f59e105f38a30f5439e6ccbcad7","versionType":"git","status":"affected"},{"version":"a4dd8535a527061a01f2fd335596fa77ca240a96","lessThan":"c12584cd6078085d707266be864e7e1cc91d74e3","versionType":"git","status":"affected"},{"version":"a4dd8535a527061a01f2fd335596fa77ca240a96","lessThan":"a0130d682222ae21afc395aead7cd2d87e1a8358","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/net/ethernet/ibm/emac/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"6.12.94","matchCriteriaId":"7327870E-8777-43EF-92CB-081E4B51D6F9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a0130d682222ae21afc395aead7cd2d87e1a8358","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c09c2e236eef6f59e105f38a30f5439e6ccbcad7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c12584cd6078085d707266be864e7e1cc91d74e3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cf8e14db93eaecc4c0c58299be3b3183b0e53ed5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53235","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.397","lastModified":"2026-07-08T19:00:57.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add pskb_may_pull() to skb_gro_receive_list()\n\nskb_gro_receive_list() calls skb_pull(skb, skb_gro_offset(skb)) without\nfirst ensuring the data is in the linear area via pskb_may_pull(). When\nthe skb arrives via napi_gro_frags(), skb_headlen can be 0 (all data in\npage fragments) while skb_gro_offset is non-zero (after IP+TCP header\nparsing). The skb_pull() then decrements skb->len by skb_gro_offset\nbut skb->data_len stays unchanged, hitting BUG_ON(skb->len < skb->data_len)\nin __skb_pull().\n\nThe UDP fraglist GRO path already contains this guard at\nudp_offload.c:749. Adding it to skb_gro_receive_list() itself provides\ncentralized protection for all callers (TCP, UDP, and any future\nprotocols), and ensures the precondition of skb_pull() is satisfied\nbefore it is called.\n\nOn pskb_may_pull() failure, set NAPI_GRO_CB(skb)->flush = 1 so the\nskb is not held as a new GRO head and is instead delivered through the\nnormal receive path, matching the UDP handling."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/gro.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8d95dc474f85481652a0e422d2f1f079de81f63c","lessThan":"9e636c995b7beeb74ea882968248752821c244c4","versionType":"git","status":"affected"},{"version":"8d95dc474f85481652a0e422d2f1f079de81f63c","lessThan":"0cde3a004119db637b401c54e77536e4145fc0b4","versionType":"git","status":"affected"},{"version":"8d95dc474f85481652a0e422d2f1f079de81f63c","lessThan":"848571dcbbbea7ba44dd4f7ebe1fbb274afe08ac","versionType":"git","status":"affected"},{"version":"8d95dc474f85481652a0e422d2f1f079de81f63c","lessThan":"f2bb3434544454099a5b6dec213567267b05d79d","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/gro.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.94","matchCriteriaId":"75F2C460-8745-4342-9F01-D6B029B4B9ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0cde3a004119db637b401c54e77536e4145fc0b4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/848571dcbbbea7ba44dd4f7ebe1fbb274afe08ac","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9e636c995b7beeb74ea882968248752821c244c4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f2bb3434544454099a5b6dec213567267b05d79d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53236","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.493","lastModified":"2026-07-08T13:20:37.600","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: restrict SO_ATTACH_FILTER to priv users\n\nThis patch restricts the use of SO_ATTACH_FILTER (cBPF) on TCP sockets\nto users with CAP_NET_ADMIN capability.\n\nThis blocks potential side-channel attack where an unprivileged application\nattaches a filter to leak TCP sequence/acknowledgment numbers."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/core/sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"3747de241a66ef2c7032d2cc2b826a47c5fa0f6a","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ecfe9171b26ae3eed0cd8bab7a943e9e2c9e51ba","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"82b3e7ce10c53fc12aab8904745603efc74f8c07","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"ede69b8f6670600e534591664584f810d7c385f9","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c68517a3e18e20997808821c5559d0cba4d776c1","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"5d39580f68e6ddeedd15e587282207489dfb3da2","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/core/sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"6.1.176","matchCriteriaId":"82D831C2-08D3-43F5-A6A7-F4B9A5A9B631"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/3747de241a66ef2c7032d2cc2b826a47c5fa0f6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d39580f68e6ddeedd15e587282207489dfb3da2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82b3e7ce10c53fc12aab8904745603efc74f8c07","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c68517a3e18e20997808821c5559d0cba4d776c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ecfe9171b26ae3eed0cd8bab7a943e9e2c9e51ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ede69b8f6670600e534591664584f810d7c385f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53237","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.597","lastModified":"2026-07-08T13:13:22.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mvebu: fix NULL pointer dereference in suspend/resume\n\nmvebu_pwm_suspend() and mvebu_pwm_resume() are called for all GPIO\nbanks during suspend/resume, but not all banks have PWM functionality.\nGPIO banks without PWM have mvchip->mvpwm set to NULL.\n\nCalling mvebu_pwm_suspend() with mvpwm == NULL causes a NULL pointer\ndereference when it tries to access mvpwm->blink_select.\n\n  Unable to handle kernel NULL pointer dereference at virtual address 00000020 when write\n  [00000020] *pgd=00000000\n  Internal error: Oops: 815 [#1] PREEMPT ARM\n  Modules linked in:\n  CPU: 0 UID: 0 PID: 406 Comm: sh Not tainted 6.12.74-rt12-yocto-standard-g4e96f98fb7db-dirty #353\n  Hardware name: Marvell Armada 370/XP (Device Tree)\n  PC is at regmap_mmio_read+0x38/0x54\n  LR is at regmap_mmio_read+0x38/0x54\n  pc : [<c05fd2ac>]    lr : [<c05fd2ac>]    psr: 200f0013\n  sp : f0c11d10  ip : 00000000  fp : c100d2f0\n  r10: c14fb854  r9 : 00000000  r8 : 00000000\n  r7 : c1799c00  r6 : 00000020  r5 : 00000020  r4 : c179c7c0\n  r3 : f0a231a0  r2 : 00000020  r1 : 00000020  r0 : 00000000\n  Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none\n  Control: 10c5387d  Table: 135ec059  DAC: 00000051\n  Call trace:\n   regmap_mmio_read from _regmap_bus_reg_read+0x78/0xac\n   _regmap_bus_reg_read from _regmap_read+0x60/0x154\n   _regmap_read from regmap_read+0x3c/0x60\n   regmap_read from mvebu_gpio_suspend+0xa4/0x14c\n   mvebu_gpio_suspend from dpm_run_callback+0x54/0x180\n   dpm_run_callback from device_suspend+0x124/0x630\n   device_suspend from dpm_suspend+0x124/0x270\n   dpm_suspend from dpm_suspend_start+0x64/0x6c\n   dpm_suspend_start from suspend_devices_and_enter+0x140/0x8e8\n   suspend_devices_and_enter from pm_suspend+0x2fc/0x308\n   pm_suspend from state_store+0x6c/0xc8\n   state_store from kernfs_fop_write_iter+0x10c/0x1f8\n   kernfs_fop_write_iter from vfs_write+0x270/0x468\n   vfs_write from ksys_write+0x70/0xf0\n   ksys_write from ret_fast_syscall+0x0/0x54\n\nAdd a NULL check for mvchip->mvpwm before calling the PWM\nsuspend/resume functions."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpio/gpio-mvebu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"7db09011ce62162d72897fc4856b4425245dfe35","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"4ef24338eda3c7e96d6f94a988266ff16ed3985d","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"6136c1474db88272231573e222896e1998d34662","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"c9677a9274ffb44987ec209dc8ec9f2d34946956","versionType":"git","status":"affected"},{"version":"757642f9a584e893f3f4e50c99b674ee8a3ed363","lessThan":"b9ad50d7505ebd48282ec3630258dc820fc85c81","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpio/gpio-mvebu.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.12","status":"affected"},{"version":"0","lessThan":"4.12","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12","versionEndExcluding":"6.6.143","matchCriteriaId":"5A633716-C5E6-4EC9-BEBD-D8A0818C7F95"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4ef24338eda3c7e96d6f94a988266ff16ed3985d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6136c1474db88272231573e222896e1998d34662","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7db09011ce62162d72897fc4856b4425245dfe35","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9ad50d7505ebd48282ec3630258dc820fc85c81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c9677a9274ffb44987ec209dc8ec9f2d34946956","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53238","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.713","lastModified":"2026-07-08T13:12:15.800","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: validate unlabeled address and mask attribute lengths\n\nnetlbl_unlabel_addrinfo_get() used the address attribute length to\ndetermine whether the attribute data could be read as an IPv4 or IPv6\naddress, but did not independently validate the corresponding mask\nattribute length.  A crafted Generic Netlink request could therefore\nprovide a valid IPv4/IPv6 address attribute with a shorter mask\nattribute, which would later be read as a full struct in_addr or\nstruct in6_addr.\n\nNLA_BINARY policy lengths are maximum lengths by default, so use\nNLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask\nattributes.  This rejects short attributes during policy validation and\nalso exposes the exact length requirements through policy introspection."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/netlabel/netlabel_unlabeled.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"975a84fd741440853380d37465b6e226cf47254c","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"672f0f3b8f875ffe6525a37847eafa7648c4c0c6","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"95bda3eac0b1454c2cee98d58d9ba6dd8391e843","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"07a18f5c90dd3d586b73242f5a5bbf0a72f2fdc6","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"71c52da13c3737493b42d20d9f33de34e03b3156","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"0c4bb32ad7fdc2dc6a8050f41eb04d4bda56b6c8","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"ccfe292a966079c61ea68a2da303b2a336170993","versionType":"git","status":"affected"},{"version":"8cc44579d1bd77ba3a32f2cb76fd9669c229c5fd","lessThan":"9772589b57e44aedc240211c5c3f7a684a034d3a","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/netlabel/netlabel_unlabeled.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.25","status":"affected"},{"version":"0","lessThan":"2.6.25","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.25","versionEndExcluding":"5.10.259","matchCriteriaId":"3D7B1C25-B15B-469B-86ED-C02BFEC9F0DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/07a18f5c90dd3d586b73242f5a5bbf0a72f2fdc6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0c4bb32ad7fdc2dc6a8050f41eb04d4bda56b6c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/672f0f3b8f875ffe6525a37847eafa7648c4c0c6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/71c52da13c3737493b42d20d9f33de34e03b3156","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/95bda3eac0b1454c2cee98d58d9ba6dd8391e843","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/975a84fd741440853380d37465b6e226cf47254c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9772589b57e44aedc240211c5c3f7a684a034d3a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ccfe292a966079c61ea68a2da303b2a336170993","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53239","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.840","lastModified":"2026-07-08T13:06:06.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: policy: fix use-after-free on inexact bin in xfrm_policy_bysel_ctx()\n\nFix the race by pruning the bin while still holding xfrm_policy_lock,\nbefore dropping it. Use __xfrm_policy_inexact_prune_bin() directly since\nthe lock is already held. The wrapper xfrm_policy_inexact_prune_bin()\nbecomes unused and is removed.\n\nRace:\n\n  CPU0 (XFRM_MSG_DELPOLICY)           CPU1 (XFRM_MSG_NEWSPDINFO)\n  ==========================          ==========================\n  xfrm_policy_bysel_ctx():\n    spin_lock_bh(xfrm_policy_lock)\n    bin = xfrm_policy_inexact_lookup()\n    __xfrm_policy_unlink(pol)\n    spin_unlock_bh(xfrm_policy_lock)\n    xfrm_policy_kill(ret)\n    // wide window, lock not held\n                                       xfrm_hash_rebuild():\n                                         spin_lock_bh(xfrm_policy_lock)\n                                         __xfrm_policy_inexact_flush():\n                                           kfree_rcu(bin)  // bin freed\n                                         spin_unlock_bh(xfrm_policy_lock)\n    xfrm_policy_inexact_prune_bin(bin)\n    // UAF: bin is freed"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_policy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"8fc536e9f6856230f19c7d13e71af064b6a77b22","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"c4c1ea36d83bf3c4569468ca5b8b614fda1bf821","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"25c8c7fb3b0b9668c7d05e209f58c158d2b020c7","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"42827d03f8009a6a218bacab153e21f39d6a121c","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"88697cf980222d5906a37bf47662dac0732e2a0f","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"b5316e2b8614a87d8736941972441cb47bfd4491","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"ec82ea4eb220164d854f8734ca5a35e23e577b94","versionType":"git","status":"affected"},{"version":"6be3b0db6db82cf056a72cc18042048edd27f8ee","lessThan":"7f2d76c9c03257c0782afef9d95321fa04096f60","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_policy.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.259","matchCriteriaId":"1A9E792C-DB8D-45E1-BA0E-FADA558D6B15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/25c8c7fb3b0b9668c7d05e209f58c158d2b020c7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/42827d03f8009a6a218bacab153e21f39d6a121c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f2d76c9c03257c0782afef9d95321fa04096f60","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/88697cf980222d5906a37bf47662dac0732e2a0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8fc536e9f6856230f19c7d13e71af064b6a77b22","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b5316e2b8614a87d8736941972441cb47bfd4491","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c4c1ea36d83bf3c4569468ca5b8b614fda1bf821","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec82ea4eb220164d854f8734ca5a35e23e577b94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53240","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:41.960","lastModified":"2026-07-08T13:05:31.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: iptfs: fix use-after-free on first_skb in __input_process_payload\n\n__input_process_payload() stores first_skb into xtfs->ra_newskb under\ndrop_lock when starting partial reassembly, then unlocks and breaks out\nof the processing loop. The post-loop check reads xtfs->ra_newskb\nwithout the lock to decide whether first_skb is still owned:\n\n    if (first_skb && first_iplen && !defer && first_skb != xtfs->ra_newskb)\n\nBetween spin_unlock and this read, a concurrent CPU running\niptfs_reassem_cont() (or the drop_timer hrtimer) can complete\nreassembly, NULL xtfs->ra_newskb, and free the skb. The check then\nevaluates first_skb != NULL as true, and pskb_trim/ip_summed/consume_skb\noperate on the freed skb — a use-after-free in skbuff_head_cache.\n\nReplace the unlocked read with a local bool that records whether\nfirst_skb was handed to the reassembly state in the current call. The\nflag is set after the existing spin_unlock, before the break, using the\npointer equality that is stable at that point (first_skb == skb iff\nfirst_skb was stored in ra_newskb)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xfrm/xfrm_iptfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"3f3339885fb343b7b42d7c34717108ce07da24ae","lessThan":"8d9a79fbf5172d9c4c0146057af2360913265a11","versionType":"git","status":"affected"},{"version":"3f3339885fb343b7b42d7c34717108ce07da24ae","lessThan":"ff2ee35b6ce5fa8a8e24ea50b15733d5c8780198","versionType":"git","status":"affected"},{"version":"3f3339885fb343b7b42d7c34717108ce07da24ae","lessThan":"eb48730bb827d1550401a5d391903f9d90b493c8","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xfrm/xfrm_iptfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.14","status":"affected"},{"version":"0","lessThan":"6.14","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14","versionEndExcluding":"6.18.36","matchCriteriaId":"F44E71B4-36C2-4FDD-9239-2EEBD641A1C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8d9a79fbf5172d9c4c0146057af2360913265a11","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/eb48730bb827d1550401a5d391903f9d90b493c8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ff2ee35b6ce5fa8a8e24ea50b15733d5c8780198","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53250","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:42.960","lastModified":"2026-07-08T13:04:07.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: cache csum_start/csum_offset to fix TOCTOU in xsk_skb_metadata()\n\nThe TX metadata area resides in the UMEM buffer which is memory-mapped\nand concurrently writable by userspace. In xsk_skb_metadata(),\ncsum_start and csum_offset are read from shared memory for bounds\nvalidation, then read again for skb assignment. A malicious userspace\napplication can race to overwrite these values between the two reads,\nbypassing the bounds check and causing out-of-bounds memory access\nduring checksum computation in the transmit path.\n\nFix this by reading csum_start and csum_offset into local variables\nonce, then using the local copies for both validation and assignment.\n\nNote that other metadata fields (flags, launch_time) and the cached\ncsum fields may be mutually inconsistent due to concurrent userspace\nwrites, but this is benign: the only security-critical invariant is\nthat each field's validated value is the same one used, which local\ncaching guarantees."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/xdp/xsk.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"48eb03dd26304c24f03bdbb9382e89c8564e71df","lessThan":"0dfe05b938435892875e07771170051346412df9","versionType":"git","status":"affected"},{"version":"48eb03dd26304c24f03bdbb9382e89c8564e71df","lessThan":"bfdfd2706d5fb2cd496a1506e680daf979309c8b","versionType":"git","status":"affected"},{"version":"48eb03dd26304c24f03bdbb9382e89c8564e71df","lessThan":"22ba97ea9cc1f63a0d0244fae38057ed452b6ac7","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/xdp/xsk.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.8","status":"affected"},{"version":"0","lessThan":"6.8","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.8","versionEndExcluding":"6.18.36","matchCriteriaId":"D3538284-FFD4-4105-A79C-901B10A64A4C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0dfe05b938435892875e07771170051346412df9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/22ba97ea9cc1f63a0d0244fae38057ed452b6ac7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bfdfd2706d5fb2cd496a1506e680daf979309c8b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53251","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.047","lastModified":"2026-07-08T16:51:26.347","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix not releasing hdev reference on iso_conn_big_sync\n\nhci_get_route() returns a reference-counted hci_dev pointer via\nhci_dev_hold(). The function exits normally or with an error without ever\nreleasing it."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/iso.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1360e5b6ce63d63d23223a659ca2bbafa30a53aa","lessThan":"4bbec25f47b930101294fd310c627c3f53e9661f","versionType":"git","status":"affected"},{"version":"07a9342b94a91b306ed1cf6aa8254aea210764c9","lessThan":"33d677d2e3713d98012c3dbd4a9207f7d785b854","versionType":"git","status":"affected"},{"version":"07a9342b94a91b306ed1cf6aa8254aea210764c9","lessThan":"23e8eb16820b866528fb300dc67fe3f67f00ef62","versionType":"git","status":"affected"},{"version":"07a9342b94a91b306ed1cf6aa8254aea210764c9","lessThan":"5cbf290b79351971f20c7a533247e8d58a3f970c","versionType":"git","status":"affected"},{"version":"bfec1e55314896bf4a4cfdb3a9ad4872be9f06ed","versionType":"git","status":"affected"},{"version":"6.12.2","lessThan":"6.12.94","versionType":"semver","status":"affected"},{"version":"6.11.11","lessThan":"6.12","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/iso.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.11.11","versionEndExcluding":"6.12","matchCriteriaId":"4CBF5F6E-D446-4CAE-AAA4-413442319824"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.2","versionEndExcluding":"6.12.94","matchCriteriaId":"18CC1B47-674B-4A44-90C8-E21FD96CFC54"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/23e8eb16820b866528fb300dc67fe3f67f00ef62","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/33d677d2e3713d98012c3dbd4a9207f7d785b854","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4bbec25f47b930101294fd310c627c3f53e9661f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5cbf290b79351971f20c7a533247e8d58a3f970c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53252","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.137","lastModified":"2026-07-08T16:48:59.550","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix memory leak in error path of hci_alloc_dev()\n\nEarly failures in Bluetooth HCI UART configuration leak SRCU percpu\nmemory.\n\nWhen device initialization fails before hci_register_dev() completes,\nthe HCI_UNREGISTER flag is never set. As a result, when the device\nreference count reaches zero, bt_host_release() evaluates this flag as\nfalse and falls back to a direct kfree(hdev).\n\nBecause hci_release_dev() is bypassed, the SRCU struct initialized\nearly in hci_alloc_dev() is never cleaned up, resulting in a leak of\npercpu memory.\n\nFix the leak by explicitly calling cleanup_srcu_struct() in the\nfallback (unregistered) branch of bt_host_release() before freeing\nthe device."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/hci_sysfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"90dee0a0ff84fac8accd5be98412b3819f667149","lessThan":"5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd","versionType":"git","status":"affected"},{"version":"c56b177efce8b62798e4d96bdb9867106cb7c4a0","lessThan":"c016118b9e51eeaf5bc93850d4c455a3b583c0aa","versionType":"git","status":"affected"},{"version":"bc0819a25e04cd68ef3568cfa51b63118fea39a7","lessThan":"0622e527a31d4b44737fed5c1a2ac1fc2cfb5184","versionType":"git","status":"affected"},{"version":"ce23b73f0f27e2dbeb81734a79db710f05aa33c6","lessThan":"bc2efe73c194a74839d7cf57b63880d97e21d309","versionType":"git","status":"affected"},{"version":"1d6123102e9fbedc8d25bf4731da6d513173e49e","lessThan":"ce4b4cac3c5749b6aa75e62e2991ae2263f2f889","versionType":"git","status":"affected"},{"version":"1d6123102e9fbedc8d25bf4731da6d513173e49e","lessThan":"f82799407a50af7bcacacf09cc9b279af8fe9b81","versionType":"git","status":"affected"},{"version":"1d6123102e9fbedc8d25bf4731da6d513173e49e","lessThan":"37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f","versionType":"git","status":"affected"},{"version":"dd4becd3fd4102696e1c15e6d260a1712a2d8685","versionType":"git","status":"affected"},{"version":"0e5c144c557df910ab64d9c25d06399a9a735e65","versionType":"git","status":"affected"},{"version":"5.15.209","lessThan":"5.15.210","versionType":"semver","status":"affected"},{"version":"6.1.167","lessThan":"6.1.176","versionType":"semver","status":"affected"},{"version":"6.6.97","lessThan":"6.6.143","versionType":"semver","status":"affected"},{"version":"6.12.36","lessThan":"6.12.94","versionType":"semver","status":"affected"},{"version":"5.10.259","lessThan":"5.11","versionType":"semver","status":"affected"},{"version":"6.15.5","lessThan":"6.16","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/hci_sysfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10.259","versionEndExcluding":"5.11","matchCriteriaId":"52F60680-8824-4BB5-AF9B-B593D23018AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.167","versionEndExcluding":"6.1.176","matchCriteriaId":"EA4D47D7-0677-4EA5-A70C-E66CDE321414"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6.97","versionEndExcluding":"6.6.143","matchCriteriaId":"8C5F210A-4D29-4A1A-A880-4FECCDC57247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12.36","versionEndExcluding":"6.12.94","matchCriteriaId":"34DC91E5-0FE4-476B-907F-F40D3F5F1197"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15.5","versionEndExcluding":"6.16","matchCriteriaId":"D10C9120-0117-4346-95CC-E5D06B9133C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16.1","versionEndExcluding":"6.18.36","matchCriteriaId":"1A9D8D37-BEDC-49CA-9E82-4D6B11A5675C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15.209:*:*:*:*:*:*:*","matchCriteriaId":"06EE5040-044C-46B4-B840-27D15DB507EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:-:*:*:*:*:*:*","matchCriteriaId":"6238B17D-C12B-458F-A138-97039BFC4595"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:*","matchCriteriaId":"A0517869-312D-4429-80C2-561086E1421C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:*","matchCriteriaId":"85421F4E-C863-4ABF-B4B4-E887CC2F7F92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc6:*:*:*:*:*:*","matchCriteriaId":"3827F0D4-5FEE-4181-B267-5A45E7CA11FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.16:rc7:*:*:*:*:*:*","matchCriteriaId":"7A9C2DE5-43B8-4D73-BDB5-EA55C7671A52"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0622e527a31d4b44737fed5c1a2ac1fc2cfb5184","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/37b3009bf5976e8ab77c8b9a9bc3bbd7ff49e37f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5b7dfca6f852e6b9d809fd0263b5427cc9fb33fd","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bc2efe73c194a74839d7cf57b63880d97e21d309","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c016118b9e51eeaf5bc93850d4c455a3b583c0aa","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ce4b4cac3c5749b6aa75e62e2991ae2263f2f889","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f82799407a50af7bcacacf09cc9b279af8fe9b81","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53253","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.253","lastModified":"2026-07-08T16:46:13.950","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: reject short frames before parsing\n\nA BNEP peer can send a short BNEP SDU. bnep_rx_frame() reads the\npacket type byte immediately and, for control packets, reads the control\nopcode and setup UUID-size byte before proving that those bytes are\npresent. bnep_rx_control() also dereferences the control opcode without\nrejecting an empty control payload.\n\nUse skb_pull_data() for the fixed fields in bnep_rx_frame() so a NULL\nreturn gates each dereference. Split the control handler so the frame\npath can pass an opcode that has already been pulled, and keep the\nbyte-buffer wrapper for extension control payloads.\n\nFor BNEP_SETUP_CONN_REQ, name the UUID-size byte before pulling the\nsetup payload. struct bnep_setup_conn_req carries destination and source\nservice UUIDs after that byte, each uuid_size bytes, so the parser now\ndocuments that tuple explicitly instead of leaving the pull length as an\nopaque multiplication.\n\nValidation reproduced this kernel report:\nKASAN slab-out-of-bounds in bnep_rx_frame.isra.0+0x130c/0x1790\nThe buggy address belongs to the object at ffff88800c0f7908 which belongs\nto the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes to the right of allocated 1-byte\nregion [ffff88800c0f7908, ffff88800c0f7909)\nRead of size 1\nCall trace:\n  dump_stack_lvl+0xb3/0x140 (?:?)\n  print_address_description+0x57/0x3a0 (?:?)\n  bnep_rx_frame+0x130c/0x1790 (net/bluetooth/bnep/core.c:306)\n  print_report+0xb9/0x2b0 (?:?)\n  __virt_addr_valid+0x1ba/0x3a0 (?:?)\n  srso_alias_return_thunk+0x5/0xfbef5 (?:?)\n  kasan_addr_to_slab+0x21/0x60 (?:?)\n  kasan_report+0xe0/0x110 (?:?)\n  process_one_work+0xfce/0x17e0 (kernel/workqueue.c:3200)\n  worker_thread+0x65c/0xe40 (?:?)\n  __kthread_parkme+0x184/0x230 (?:?)\n  kthread+0x35e/0x470 (?:?)\n  _raw_spin_unlock_irq+0x28/0x50 (?:?)\n  ret_from_fork+0x586/0x870 (?:?)\n  __switch_to+0x74f/0xdc0 (?:?)\n  ret_from_fork_asm+0x1a/0x30 (?:?)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/bnep/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"0ef2ea86c82b2615902d085cd5a586fe9f58994f","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"2b83afb19293e4de700edae306115f18966dc4f9","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"691f14b6a48b637655755134f1e551c7c6fedc2e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"d76dec1a37122bc16d83d059c08c0512ea8de909","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"c893e17d2809ec9c4b3f1cdd5847cecbc27a311b","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"be837cd09897e9e6e1958174501d467bdcbcc2bc","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6770d3a8acdf9151769180cc3710346c4cfbe6f0","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/bnep/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.15.210","matchCriteriaId":"9C9C01DE-8B58-4685-BE17-27C5DE19C71B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0ef2ea86c82b2615902d085cd5a586fe9f58994f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2b83afb19293e4de700edae306115f18966dc4f9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6770d3a8acdf9151769180cc3710346c4cfbe6f0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/691f14b6a48b637655755134f1e551c7c6fedc2e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/be837cd09897e9e6e1958174501d467bdcbcc2bc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c893e17d2809ec9c4b3f1cdd5847cecbc27a311b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d76dec1a37122bc16d83d059c08c0512ea8de909","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53254","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.373","lastModified":"2026-07-08T16:45:33.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: validate skb length in MCC handlers\n\nThe RFCOMM MCC handlers cast skb->data to protocol-specific structs\nwithout validating skb->len first. A malicious remote device can send\ntruncated MCC frames and trigger out-of-bounds reads in these handlers.\n\nFix this by using skb_pull_data() to validate and access the required\ndata before dereferencing it.\n\nrfcomm_recv_rpn() requires special handling since ETSI TS 07.10 allows\n1-byte RPN requests. Handle this by validating only the DLCI byte first,\nand validating the full struct only when len > 1."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/rfcomm/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"7c15c7c2878957cbfed93bcc29c13fdace464254","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"0d637136ce89f9a2309b2c3502402ce400dab0ef","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"98377e6b1a1a56561ec66a181573ea2b61b2079e","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1b070ac9e99c2c2c3a8112943ca98ab6fca7f10c","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"3eabc6d47a0ad22b053329997aaf0ec1e581e392","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"08b9c1fbe78f4ad3f6250c6541cfaabdbeb81997","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"23882b828c3c8c51d0c946446a396b10abb3b16b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/rfcomm/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.15.210","matchCriteriaId":"9C9C01DE-8B58-4685-BE17-27C5DE19C71B"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08b9c1fbe78f4ad3f6250c6541cfaabdbeb81997","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/0d637136ce89f9a2309b2c3502402ce400dab0ef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1b070ac9e99c2c2c3a8112943ca98ab6fca7f10c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/23882b828c3c8c51d0c946446a396b10abb3b16b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3eabc6d47a0ad22b053329997aaf0ec1e581e392","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c15c7c2878957cbfed93bcc29c13fdace464254","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/98377e6b1a1a56561ec66a181573ea2b61b2079e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53255","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.480","lastModified":"2026-07-08T16:44:20.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: validate advertising TLV before type checks\n\ntlv_data_is_valid() reads each advertising data field length from\ndata[i], then inspects data[i + 1] for managed EIR types before\nchecking that the current field still fits inside the supplied buffer.\n\nA malformed field whose length byte is the last byte of the buffer can\ntherefore make the parser read one byte past the advertising data.\n\nKASAN reported the following when a malformed MGMT_OP_ADD_ADVERTISING\nrequest reached that path:\n\n  BUG: KASAN: vmalloc-out-of-bounds in tlv_data_is_valid()\n  Read of size 1\n  Call trace:\n    tlv_data_is_valid()\n    add_advertising()\n    hci_mgmt_cmd()\n    hci_sock_sendmsg()\n\nMove the existing element-length check before any type-octet inspection\nso each non-empty element is proven to contain its type byte before the\nparser looks at data[i + 1]."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/mgmt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"13ad995071a06570668dd8daab3616c247c72080","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"06fcbd79c3c360a50f9be9d370769bbd738d0976","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"f7093ac233c1e7f51d125534f46067772a113175","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"74c08e4db35a476c3462aeb65846f955be732626","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"18fea1cb0c2599752e908c8217490f73ddd33e00","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"1a3c8ffbb469859b076445af44bdfa6a711d483e","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"2a3f3ed9e198ae23c15859ace2f9ca6cfdc35b57","versionType":"git","status":"affected"},{"version":"2bb36870e8cb29949ef9acec37129cd8e70f1857","lessThan":"de23fb62259aa01d294f77238ae3b835eb674413","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/mgmt.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"4.9","status":"affected"},{"version":"0","lessThan":"4.9","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9","versionEndExcluding":"5.10.259","matchCriteriaId":"16757D5D-A936-4C6B-9458-0CCE90C2EE13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/06fcbd79c3c360a50f9be9d370769bbd738d0976","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/13ad995071a06570668dd8daab3616c247c72080","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/18fea1cb0c2599752e908c8217490f73ddd33e00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1a3c8ffbb469859b076445af44bdfa6a711d483e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2a3f3ed9e198ae23c15859ace2f9ca6cfdc35b57","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/74c08e4db35a476c3462aeb65846f955be732626","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/de23fb62259aa01d294f77238ae3b835eb674413","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f7093ac233c1e7f51d125534f46067772a113175","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53256","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.593","lastModified":"2026-07-08T16:42:18.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()\n\nrfcomm_get_sock_by_channel() scans rfcomm_sk_list under the list lock,\nbut returns the selected listener after dropping that lock without\ntaking a reference. rfcomm_connect_ind() then locks the listener,\nqueues a child socket on it, and may notify it after unlocking it.\n\nThe buggy scenario involves two paths, with each column showing the\norder within that path:\n\nrfcomm_connect_ind():            listener close:\n  1. Find parent in              1. close() enters\n     rfcomm_get_sock_by_channel()   rfcomm_sock_release().\n  2. Drop rfcomm_sk_list.lock    2. rfcomm_sock_shutdown()\n     without pinning parent.        closes the listener.\n  3. Call lock_sock(parent) and  3. rfcomm_sock_kill()\n     bt_accept_enqueue(parent,      unlinks and puts parent.\n     sk, true).\n  4. Read parent flags and may   4. parent can be freed.\n     call sk_state_change().\n\nIf close wins the race, parent can be freed before\nrfcomm_connect_ind() reaches lock_sock(), bt_accept_enqueue(), or the\ndeferred-setup callback.\n\nTake a reference on the listener before leaving rfcomm_sk_list.lock.\nAfter lock_sock() succeeds, recheck that it is still in BT_LISTEN\nbefore queueing a child, cache the deferred-setup bit while the parent\nis locked, and drop the reference after the last parent use.\n\nKASAN reported a slab-use-after-free in lock_sock_nested() from\nrfcomm_connect_ind(), with the freeing stack going through\nrfcomm_sock_kill() and rfcomm_sock_release()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/bluetooth/rfcomm/sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"f5ec76bdbeb80f75ad0be204371afffee0f8fac8","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"a07d741c077d4e34b16458241a94d29039386553","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"1f73f92f66251065a5f39b09a47cf05ea14d3107","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"de31973ef00e5aa55496f84cf6a44bb157a34e02","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b0e33e409715c617e2a20f46f99aa5403a14dfda","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"8802413ce63175fb522a2bd609fb043a3550c720","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6f4462d12133106460d7c046b95aad2491e3fddf","versionType":"git","status":"affected"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"43c441edacf953b39517a44f5e5e10a93618b226","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/bluetooth/rfcomm/sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","versionType":"semver","status":"unaffected"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","versionType":"semver","status":"unaffected"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","versionType":"semver","status":"unaffected"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","versionType":"semver","status":"unaffected"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12.1","versionEndExcluding":"5.10.259","matchCriteriaId":"1D09A811-8082-4A08-AF10-F1F8501C5596"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.210","matchCriteriaId":"5E938CDF-D1C4-43D0-98DC-9E11B6B55801"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.176","matchCriteriaId":"C4446623-5F2B-4DD8-8666-9FAAC285A757"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.143","matchCriteriaId":"9062F1CD-CAD6-4EA2-A73F-C06D4A887B8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*","matchCriteriaId":"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*","matchCriteriaId":"4F76C298-81DC-43E4-8FC9-DC005A2116EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*","matchCriteriaId":"0AB349B2-3F78-4197-882B-90ADB3BF645A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*","matchCriteriaId":"6AC88830-A9BC-4607-B572-A4B502FC9FD0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*","matchCriteriaId":"476CB3A5-D022-4F13-AAEF-CB6A5785516A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1f73f92f66251065a5f39b09a47cf05ea14d3107","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/43c441edacf953b39517a44f5e5e10a93618b226","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6f4462d12133106460d7c046b95aad2491e3fddf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8802413ce63175fb522a2bd609fb043a3550c720","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a07d741c077d4e34b16458241a94d29039386553","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b0e33e409715c617e2a20f46f99aa5403a14dfda","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/de31973ef00e5aa55496f84cf6a44bb157a34e02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5ec76bdbeb80f75ad0be204371afffee0f8fac8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53257","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.713","lastModified":"2026-07-08T16:40:58.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: enforce HE/EHT cap/oper consistency\n\nXiang Mei reports that mac80211 could crash if eht_cap is set\nbut eht_oper isn't. Rather than fixing that for the individual\nuser(s), enforce that both HE/EHT have consistent elements."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/wireless/nl80211.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"22c64f37e1d4e757b0073a72f1439c2c3509c5cb","lessThan":"0f5e9ddd7e8e7758771a63cdd498a2007dc8da7a","versionType":"git","status":"affected"},{"version":"22c64f37e1d4e757b0073a72f1439c2c3509c5cb","lessThan":"cb9959ab5f99611d27a06586add84811fe8102dc","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/wireless/nl80211.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.16","status":"affected"},{"version":"0","lessThan":"6.16","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.16","versionEndExcluding":"7.0.13","matchCriteriaId":"7B612572-0B7C-4F1E-894D-060FED494683"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0f5e9ddd7e8e7758771a63cdd498a2007dc8da7a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cb9959ab5f99611d27a06586add84811fe8102dc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53258","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.800","lastModified":"2026-07-08T16:40:07.403","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: fix leak if split 6 GHz scanning fails\n\nrdev->int_scan_req is leaked if cfg80211_scan() fails.  Note that it's\nsupposed to be released at ___cfg80211_scan_done() but this doesn't happen\nas rdev->scan_req is NULL at that point, too, leading to the early return\nfrom the freeing function.\n\nunreferenced object 0xffff8881161d0800 (size 512):\n  comm \"wpa_supplicant\", pid 379, jiffies 4294749765\n  hex dump (first 32 bytes):\n    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................\n    00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff  ................\n  backtrace (crc c867fdb6):\n    kmemleak_alloc+0x89/0x90\n    __kmalloc_noprof+0x2fd/0x410\n    cfg80211_scan+0x133/0x730\n    nl80211_trigger_scan+0xc69/0x1cc0\n    genl_family_rcv_msg_doit+0x204/0x2f0\n    genl_rcv_msg+0x431/0x6b0\n    netlink_rcv_skb+0x143/0x3f0\n    genl_rcv+0x27/0x40\n    netlink_unicast+0x4f6/0x820\n    netlink_sendmsg+0x797/0xce0\n    __sock_sendmsg+0xc4/0x160\n    ____sys_sendmsg+0x5e4/0x890\n    ___sys_sendmsg+0xf8/0x180\n    __sys_sendmsg+0x136/0x1e0\n    __x64_sys_sendmsg+0x76/0xc0\n    x64_sys_call+0x13f0/0x17d0\n\nFound by Linux Verification Center (linuxtesting.org)."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/wireless/scan.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c8cb5b854b40f2ce52ccd032fa19750f4181d5fc","lessThan":"fb8db813eba2e56ee001c9fb5c2ce2cb78c42642","versionType":"git","status":"affected"},{"version":"c8cb5b854b40f2ce52ccd032fa19750f4181d5fc","lessThan":"a24134ddc18b4d440714365637d440b7121447b9","versionType":"git","status":"affected"},{"version":"c8cb5b854b40f2ce52ccd032fa19750f4181d5fc","lessThan":"e8694f7cc29287e843648d1075177b9a2000d957","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/wireless/scan.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"6.18.36","matchCriteriaId":"71576ED2-59A4-421C-AFAF-7379A7DAE364"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a24134ddc18b4d440714365637d440b7121447b9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8694f7cc29287e843648d1075177b9a2000d957","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fb8db813eba2e56ee001c9fb5c2ce2cb78c42642","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53259","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.893","lastModified":"2026-07-08T16:39:16.290","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: anycast: insert aca into global hash under idev->lock\n\nsyzbot reported a splat [1]: a slab-use-after-free in\nipv6_chk_acast_addr(), which walks the global inet6_acaddr_lst[] hash\nunder RCU and dereferences a struct ifacaddr6 that has already been\nfreed while still linked in the hash, so a later reader walks into a\ndangling node.\n\nIn __ipv6_dev_ac_inc() the aca is allocated with refcount 1, then\naca_get() bumps it to 2 to keep it alive across the unlocked region.\nIt is published to idev->ac_list under idev->lock, but\nipv6_add_acaddr_hash() runs after write_unlock_bh(). A concurrent\nteardown (ipv6_ac_destroy_dev() from addrconf_ifdown(), under RTNL)\ncan slip into that window:\n\n  CPU0 __ipv6_dev_ac_inc           CPU1 ipv6_ac_destroy_dev (RTNL)\n  ------------------------------   ------------------------------------\n  aca_alloc()              refcnt 1\n  aca_get()               refcnt 2\n  write_lock_bh(idev->lock)\n    add aca to ac_list\n  write_unlock_bh(idev->lock)\n                                   write_lock_bh(idev->lock)\n                                     pull aca off ac_list\n                                   write_unlock_bh(idev->lock)\n                                   ipv6_del_acaddr_hash(aca)\n                                     hlist_del_init_rcu() is a no-op,\n                                     aca is not in the hash yet\n                                   aca_put()           refcnt 2->1\n  ipv6_add_acaddr_hash(aca)\n    aca now inserted into the hash\n  aca_put()                refcnt 1->0\n    call_rcu(aca_free_rcu) -> kfree(aca)\n\nThe hash removal becomes a no-op because the insertion has not\nhappened yet, so once CPU0 inserts and drops the last reference, the\naca is freed while still linked in inet6_acaddr_lst[], and readers\ndereference freed memory after the slab slot is reused.\n\nThis window opened once RTNL stopped serializing the join path against\ndevice teardown. Move ipv6_add_acaddr_hash() inside the idev->lock\nsection so the ac_list and hash insertions are atomic with respect to\nteardown: a racing remover now either misses the aca entirely or finds\nit in both lists.\n\nacaddr_hash_lock is now nested under idev->lock, which is acquired in\nsoftirq context, so switch all acaddr_hash_lock sites to spin_lock_bh()\nto avoid the irq lock inversion reported in [2].\n\n[1] https://syzkaller.appspot.com/bug?extid=a01df04303c131efbf3a\n[2] https://lore.kernel.org/netdev/6a194ef7.ba3b1513.1890b4.0000.GAE@google.com/"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv6/anycast.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"eb1ac9ff6c4a5720b1a1476233be374c5dc44bff","lessThan":"15be7e9fdbff831fb3e89b83cc337a4f85ad3310","versionType":"git","status":"affected"},{"version":"eb1ac9ff6c4a5720b1a1476233be374c5dc44bff","lessThan":"3a967c498baa976b11d4800dda224c507416e97c","versionType":"git","status":"affected"},{"version":"eb1ac9ff6c4a5720b1a1476233be374c5dc44bff","lessThan":"f723ccaff2fb72b71ae8a9fd283f0dee4d9ae7a3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv6/anycast.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.17","status":"affected"},{"version":"0","lessThan":"6.17","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.17","versionEndExcluding":"6.18.36","matchCriteriaId":"43D90067-1014-46EC-861E-3BAF5F823B65"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/15be7e9fdbff831fb3e89b83cc337a4f85ad3310","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3a967c498baa976b11d4800dda224c507416e97c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f723ccaff2fb72b71ae8a9fd283f0dee4d9ae7a3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53260","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:43.993","lastModified":"2026-07-08T15:25:49.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Add preempt_{disable,enable}_nested() in reqsk_queue_hash_req().\n\nsyzbot reported a weird reqsk->rsk_refcnt underflow in\n__inet_csk_reqsk_queue_drop().\n\nThe captured reqsk_put() in __inet_csk_reqsk_queue_drop()\nis called only when it successfully removes reqsk from ehash.\n\nMoreover, reqsk_timer_handler() calls another reqsk_put()\nafter that.\n\nThis indicates that the reqsk was missing both refcnts for\nehash and the timer itself.\n\nSince all the syzbot reports had PREEMPT_RT enabled, the only\npossible scenario is that reqsk_queue_hash_req() is preempted\nafter mod_timer() and before refcount_set(), and then the timer\ntriggered after 1s aborts the reqsk due to its listener's close().\n\nLet's wrap mod_timer() and refcount_set() with\npreempt_disable_nested() and preempt_enable_nested().\n\nNote that inet_ehash_insert() holds the normal spin_lock()\n(mutex in PREEMPT_RT), so it must be called outside of\npreempt_disable_nested(), but this is fine.\n\nThe lookup path just ignores 0 sk_refcnt entries in ehash\nand tries to create another reqsk, but this will fail at\ninet_ehash_insert().\n\n[0]:\nrefcount_t: underflow; use-after-free.\nWARNING: lib/refcount.c:28 at refcount_warn_saturate+0xb2/0x110 lib/refcount.c:28, CPU#0: ktimers/0/16\nModules linked in:\nCPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026\nRIP: 0010:refcount_warn_saturate+0xb2/0x110 lib/refcount.c:28\nCode: e4 7d d1 0a 67 48 0f b9 3a eb 4a e8 38 3d 23 fd 48 8d 3d e1 7d d1 0a 67 48 0f b9 3a eb 37 e8 25 3d 23 fd 48 8d 3d de 7d d1 0a <67> 48 0f b9 3a eb 24 e8 12 3d 23 fd 48 8d 3d db 7d d1 0a 67 48 0f\nRSP: 0000:ffffc90000157948 EFLAGS: 00010246\nRAX: ffffffff84a1301b RBX: 0000000000000003 RCX: ffff88801ca98000\nRDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffffff8f72ae00\nRBP: ffffffff99ae3b01 R08: ffff88801ca98000 R09: 0000000000000005\nR10: 0000000000000100 R11: 0000000000000004 R12: ffff8880425ef568\nR13: ffff8880425ef4f8 R14: ffff8880425ef578 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff888126386000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7b46710e9c CR3: 000000000dbb6000 CR4: 00000000003526f0\nCall Trace:\n <TASK>\n __refcount_sub_and_test include/linux/refcount.h:400 [inline]\n __refcount_dec_and_test include/linux/refcount.h:432 [inline]\n refcount_dec_and_test include/linux/refcount.h:450 [inline]\n reqsk_put include/net/request_sock.h:136 [inline]\n __inet_csk_reqsk_queue_drop+0x3ce/0x440 net/ipv4/inet_connection_sock.c:1007\n reqsk_timer_handler+0x651/0xdf0 net/ipv4/inet_connection_sock.c:1137\n call_timer_fn+0x192/0x5e0 kernel/time/timer.c:1748\n expire_timers kernel/time/timer.c:1799 [inline]\n __run_timers kernel/time/timer.c:2374 [inline]\n __run_timer_base+0x6a3/0x9f0 kernel/time/timer.c:2386\n run_timer_base kernel/time/timer.c:2395 [inline]\n run_timer_softirq+0x67/0x170 kernel/time/timer.c:2403\n handle_softirqs+0x1de/0x6d0 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0x69/0x100 kernel/softirq.c:1151\n smpboot_thread_fn+0x541/0xa50 kernel/smpboot.c:160\n kthread+0x388/0x470 kernel/kthread.c:436\n ret_from_fork+0x514/0xb70 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n </TASK>"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/ipv4/inet_connection_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"d2d6422f8bd17c6bb205133e290625a564194496","lessThan":"b183215ff714efb747d9d5a429322ba6404b5401","versionType":"git","status":"affected"},{"version":"d2d6422f8bd17c6bb205133e290625a564194496","lessThan":"e10902df24488ca722303133acfc82490f7d59ad","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/ipv4/inet_connection_sock.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.12","status":"affected"},{"version":"0","lessThan":"6.12","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.12","versionEndExcluding":"7.0.13","matchCriteriaId":"5F7CA1CD-70DF-41F4-8C32-AFEA390C118F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b183215ff714efb747d9d5a429322ba6404b5401","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e10902df24488ca722303133acfc82490f7d59ad","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53261","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:44.100","lastModified":"2026-07-08T15:17:32.770","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: Release nested relation on devlink free\n\ndevlink relation state is normally released from devl_unregister(), which\ncalls devlink_rel_put(). This misses devlink instances that get a nested\nrelation before registration and then fail probe before devl_register() is\nreached.\n\nThat flow can happen for SFs. The child devlink gets linked to its\nparent before registration, then a later probe error calls devlink_free()\ndirectly. Since the instance was never registered, devl_unregister() is not\ncalled and devlink->rel is leaked.\n\nRelease any pending relation from devlink_free() as well. The registered\npath is unchanged because devl_unregister() already clears devlink->rel\nbefore devlink_free() runs."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/devlink/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"a9137286884703113b1c9e6403bd6d7d97b14754","versionType":"git","status":"affected"},{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"927f96861f939c0b517d13ed27bf4fabbfc1cfb3","versionType":"git","status":"affected"},{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"11324d52b0c63f4f202b35793c6507a575e9a689","versionType":"git","status":"affected"},{"version":"c137743bce02b18c1537d4681aa515f7b80bf0a8","lessThan":"3522b21fd7e1863d0734537737bd59f1b90d0190","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/devlink/core.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.94","matchCriteriaId":"85421C0C-ABDE-4357-971C-67F9087DE1B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/11324d52b0c63f4f202b35793c6507a575e9a689","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3522b21fd7e1863d0734537737bd59f1b90d0190","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/927f96861f939c0b517d13ed27bf4fabbfc1cfb3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9137286884703113b1c9e6403bd6d7d97b14754","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53262","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:44.190","lastModified":"2026-07-08T15:15:55.710","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pppol2tp: hold reference to session in pppol2tp_ioctl()\n\npppol2tp_ioctl() read sock->sk->sk_user_data directly without any\nlocks or reference counting.  If a controllable sleep was induced during\ncopy_from_user() (e.g. via a userfaultfd page fault sleep), a concurrent\nsocket close could trigger pppol2tp_session_close() asynchronously.  This\nfrees the l2tp_session structure via the l2tp_session_del_work workqueue.\nUpon resuming, the ioctl thread dereferences the stale session pointer,\nresulting in a Use-After-Free (UAF).\n\nFix this by securely fetching the session reference using the RCU-safe,\nrefcounted helper pppol2tp_sock_to_session(sk) on entry.  This locks the\nsession's refcount across the sleep.  We structured the function to exit\nvia standard err breaks, guaranteeing that l2tp_session_put() is cleanly\ncalled on all return paths to drop the reference.\n\nTo preserve existing behavior we validate the session and its magic\nsignature only for the specific L2TP commands that require it.  This\nensures that generic/unknown ioctls called on an unconnected socket\nstill return -ENOIOCTLCMD and correctly fall back to generic handlers\n(e.g. in sock_do_ioctl())."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["net/l2tp/l2tp_ppp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"78cdfdca88cbf731a92f3b9ee5427c633dd94e28","versionType":"git","status":"affected"},{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"e251d4cdfc725c9e7d686161e3b775a0e7d95053","versionType":"git","status":"affected"},{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"62f327e287cf7b595ae3f73ba72f5cd2a9e9f39f","versionType":"git","status":"affected"},{"version":"fd558d186df2c13a22455373858bae634a4795af","lessThan":"a213a8950414c684999dcf03edeea6c46ede172e","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["net/l2tp/l2tp_ppp.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"2.6.35","status":"affected"},{"version":"0","lessThan":"2.6.35","versionType":"semver","status":"unaffected"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.35","versionEndExcluding":"6.12.94","matchCriteriaId":"8E092CDC-D238-443D-B52B-C57704BE09B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.36","matchCriteriaId":"389025D2-958D-41BD-BD96-70ED1033A9F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/62f327e287cf7b595ae3f73ba72f5cd2a9e9f39f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/78cdfdca88cbf731a92f3b9ee5427c633dd94e28","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a213a8950414c684999dcf03edeea6c46ede172e","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e251d4cdfc725c9e7d686161e3b775a0e7d95053","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-50740","sourceIdentifier":"support@hackerone.com","published":"2026-06-26T02:16:53.517","lastModified":"2026-07-08T20:16:51.627","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A missing sanitisation vulnerability of user input in the zone-include.php script exists in Revive Adserver 6.0.7 and earlier. A low‑privileged user could exploit the refresh parameter of the iFrame invocation tag to perform reflected XSS attacks."}],"affected":[{"source":"support@hackerone.com","affectedData":[{"vendor":"Revive","product":"Adserver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.0.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T12:24:26.214843Z","id":"CVE-2026-50740","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.8","matchCriteriaId":"FD0ED938-344E-44B5-B3A6-793B968229B0"}]}]}],"references":[{"url":"https://hackerone.com/reports/3780806","source":"support@hackerone.com","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-48090","sourceIdentifier":"security-advisories@github.com","published":"2026-06-26T19:16:41.590","lastModified":"2026-07-08T20:16:50.213","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, the HTTP OAuth2 filter (envoy.filters.http.oauth2) can leave an in-flight async token exchange attached to a downstream stream that has already been torn down. A late AsyncClient completion can still invoke OAuth2Filter methods that use StreamDecoderFilterCallbacks after that object’s lifetime has ended, causing undefined behavior, worker crashes (availability loss), and use-after-free / invalid-vptr failures under AddressSanitizer. This is a memory-safety / lifetime issue in the data plane, not a trivial config bug. Remote code execution is not claimed here; the primary demonstrated impact is DoS via crash and UB; any further impact would be deployment- and allocator-dependent.  This vulnerability is fixed in 1.37.5 and 1.38.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"envoyproxy","product":"envoy","versions":[{"version":">= 1.38.0, < 1.38.3","status":"affected"},{"version":">= 1.37.0, < 1.37.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-29T12:01:33.641021Z","id":"CVE-2026-48090","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.37.0","versionEndExcluding":"1.37.5","matchCriteriaId":"2057BF79-00D1-4154-9DC0-3F278C72F4E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","versionStartIncluding":"1.38.0","versionEndExcluding":"1.38.3","matchCriteriaId":"2A218AD4-BF4B-46EA-96D7-3B25B7E71AC8"}]}]}],"references":[{"url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-3cj2-c63f-q26f","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"https://github.com/envoyproxy/envoy/security/advisories/GHSA-3cj2-c63f-q26f","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57676","sourceIdentifier":"audit@patchstack.com","published":"2026-06-29T09:16:31.147","lastModified":"2026-07-08T20:16:53.687","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels.\n\nThis issue affects Simple User Avatar: from n/a through 4.9."}],"affected":[{"source":"audit@patchstack.com","affectedData":[{"vendor":"Matteo Manna","product":"Simple User Avatar","defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins","packageName":"simple-user-avatar","versions":[{"version":"n/a","lessThanOrEqual":"4.9","versionType":"custom","status":"affected","changes":[{"at":"5.0","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-01T10:23:41.207667Z","id":"CVE-2026-57676","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/simple-user-avatar/vulnerability/wordpress-simple-user-avatar-plugin-4-9-insecure-direct-object-references-idor-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}},{"cve":{"id":"CVE-2026-56290","sourceIdentifier":"security@joomla.org","published":"2026-06-29T15:16:42.360","lastModified":"2026-07-08T13:37:08.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE."}],"affected":[{"source":"security@joomla.org","affectedData":[{"vendor":"joomlack.fr","product":"JoomlaCK.fr Page Builder CK extension for Joomla","defaultStatus":"unaffected","versions":[{"version":"1.0-3.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@joomla.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"ATTACKED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"RED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T00:00:00+00:00","id":"CVE-2026-56290","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Joomlack Page Builder Improper Access Control Vulnerability","weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomlack:page_builder_ck:*:*:*:*:*:joomla\\!:*:*","versionEndExcluding":"3.6.0","matchCriteriaId":"5181215D-DF24-47CA-B49B-23BCB55C1C60"}]}]}],"references":[{"url":"https://www.joomlack.fr/","source":"security@joomla.org","tags":["Product"]},{"url":"https://forum.joomlack.fr/index.php/page-builder-ck/21627-nouvelle-version-de-pbck-et-joomla-3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Patch"]},{"url":"https://mysites.guru/blog/pagebuilderck-unauthenticated-file-upload-rce/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-56290","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-13149","sourceIdentifier":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","published":"2026-06-30T10:16:34.560","lastModified":"2026-07-08T12:17:20.087","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of consecutive non-expanding '{}' brace groups. An attacker who passes a crafted string to expand(), directly or transitively, can cause significant CPU consumption and event-loop blocking. The max option does not mitigate this, as it bounds the output size rather than the recursion work."}],"affected":[{"source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","affectedData":[{"vendor":"juliangruber","product":"brace-expansion","defaultStatus":"unaffected","collectionURL":"https://registry.npmjs.org","packageName":"brace-expansion","repo":"https://github.com/juliangruber/brace-expansion","versions":[{"version":"0","lessThanOrEqual":"5.0.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NEGLIGIBLE","Automatable":"YES","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"MODERATE","providerUrgency":"AMBER"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T12:43:12.568372Z","id":"CVE-2026-13149","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df","type":"Secondary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-407"}]}],"references":[{"url":"https://github.com/juliangruber/brace-expansion/commit/c7e33ec13ac1a684c116720843ce24e208611754","source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df"},{"url":"https://www.npmjs.com/package/brace-expansion","source":"22e2d327-25fe-45d7-9f0c-dcd23b7108df"}]}},{"cve":{"id":"CVE-2026-48282","sourceIdentifier":"psirt@adobe.com","published":"2026-06-30T16:16:54.533","lastModified":"2026-07-08T14:58:28.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"ColdFusion","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"2023.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T00:00:00+00:00","id":"CVE-2026-48282","options":[{"exploitation":"active"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"cisaExploitAdd":"2026-07-07","cisaActionDue":"2026-07-10","cisaRequiredAction":"Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.","cisaVulnerabilityName":"Adobe ColdFusion Path Traversal Vulnerability","weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:-:*:*:*:*:*:*","matchCriteriaId":"B02A37FE-5D31-4892-A3E6-156A8FE62D28"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update1:*:*:*:*:*:*","matchCriteriaId":"0AA3D302-CFEE-4DFD-AB92-F53C87721BFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update10:*:*:*:*:*:*","matchCriteriaId":"645D1B5F-2DAB-4AB8-A465-AC37FF494F95"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update11:*:*:*:*:*:*","matchCriteriaId":"ED6D8996-0770-4C9F-BEA5-87EA479D40A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update12:*:*:*:*:*:*","matchCriteriaId":"4836086E-3D4A-4A07-A372-382D385CB490"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update13:*:*:*:*:*:*","matchCriteriaId":"CBC19168-4184-4B59-B9C8-E98844124EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update14:*:*:*:*:*:*","matchCriteriaId":"A60DCD92-9A5B-411C-9554-642C91D77FAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update15:*:*:*:*:*:*","matchCriteriaId":"58CC65EF-60A3-4DFA-AA51-E5013F116CEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update16:*:*:*:*:*:*","matchCriteriaId":"2E3EBFB1-4488-4924-A2E2-B7E422D68345"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update17:*:*:*:*:*:*","matchCriteriaId":"A683F9B2-A0DC-4AA0-BE97-9E74FA200AB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update18:*:*:*:*:*:*","matchCriteriaId":"8689F35F-9A81-45D2-B782-DBA12306BA45"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update19:*:*:*:*:*:*","matchCriteriaId":"5FAA5985-4B25-46C5-8064-0713AB251704"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update2:*:*:*:*:*:*","matchCriteriaId":"EB88D4FE-5496-4639-BAF2-9F29F24ABF29"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update20:*:*:*:*:*:*","matchCriteriaId":"9E3884AF-7A1A-4604-B653-6694B7BD1E86"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update3:*:*:*:*:*:*","matchCriteriaId":"43E0ED98-2C1F-40B8-AF60-FEB1D85619C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update4:*:*:*:*:*:*","matchCriteriaId":"76204873-C6E0-4202-8A03-0773270F1802"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update5:*:*:*:*:*:*","matchCriteriaId":"C1A22BE9-0D47-4BA8-8BDB-9B12D7A0F7C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update6:*:*:*:*:*:*","matchCriteriaId":"E3A83642-BF14-4C37-BD94-FA76AABE8ADC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update7:*:*:*:*:*:*","matchCriteriaId":"A892E1DC-F2C8-4F53-8580-A2D1BEED5A25"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update8:*:*:*:*:*:*","matchCriteriaId":"DB97ADBA-C1A9-4EE0-9509-68CB12358AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2023:update9:*:*:*:*:*:*","matchCriteriaId":"E17C38F0-9B0F-4433-9CBD-6E3D63EA9BDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:-:*:*:*:*:*:*","matchCriteriaId":"30779417-D4E5-4A01-BE0E-1CE1D134292A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update1:*:*:*:*:*:*","matchCriteriaId":"80D7FC6A-F264-4CB1-A18D-B091EBA47882"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update2:*:*:*:*:*:*","matchCriteriaId":"E3DA0D20-93BA-4C76-A400-159853CD7277"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update3:*:*:*:*:*:*","matchCriteriaId":"5BAB6F21-61F1-43AB-88BA-553CD9AD6C0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update4:*:*:*:*:*:*","matchCriteriaId":"C85288B9-5D63-49EA-828A-8DB3BB2367F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update5:*:*:*:*:*:*","matchCriteriaId":"3882A011-5A01-48E7-B5E7-5A837B1CE245"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update6:*:*:*:*:*:*","matchCriteriaId":"AACCE621-3380-4144-BA1B-AA26FE96B902"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update7:*:*:*:*:*:*","matchCriteriaId":"EBC62370-3FA2-4AF7-A201-4155D09051F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update8:*:*:*:*:*:*","matchCriteriaId":"D7616F34-9422-4815-806F-4484F68ED2A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:coldfusion:2025:update9:*:*:*:*:*:*","matchCriteriaId":"FB078BC9-164F-46D0-99F8-086F93FF2046"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/coldfusion/apsb26-68.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48282","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}},{"cve":{"id":"CVE-2026-58467","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-02T20:17:06.733","lastModified":"2026-07-08T14:17:19.517","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cockpit CMS through 2.14.0 contains a path traversal and local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files or execute PHP files by including unvalidated PATH_INFO derived from REQUEST_URI in filesystem path construction without containment checks. Attackers can inject dot-dot sequences into the URL to traverse outside the designated spaces directory, and when the resolved path ends with a .php extension, the application passes it to include(), enabling local file inclusion on deployments using the PHP built-in server or certain non-default Nginx configurations."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"cockpit-hq","product":"cockpit","defaultStatus":"affected","repo":"https://github.com/cockpit-hq/cockpit","versions":[{"version":"0","lessThanOrEqual":"2.14.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:21:37.199759Z","id":"CVE-2026-58467","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/geo-chen/oss/blob/main/cockpit.md","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/cockpit-cms-path-traversal-local-file-inclusion-via-index-php","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-38968","sourceIdentifier":"cve@mitre.org","published":"2026-07-02T21:16:55.170","lastModified":"2026-07-08T18:39:19.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:15:18.846487Z","id":"CVE-2026-38968","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-341"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntop:ntopng:*:*:*:*:*:*:*:*","versionEndIncluding":"6.6","matchCriteriaId":"0A7E691E-54AD-43A4-B3DC-C3FB234B1FB9"}]}]}],"references":[{"url":"https://github.com/ntop/ntopng/commit/14e22497233dc7d31d19dccb74b13bb073d16c2c","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/ntop/ntopng/commit/179a346ceb6239fd36128ccca3efa8f9ea61eeb5","source":"cve@mitre.org","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-38972","sourceIdentifier":"cve@mitre.org","published":"2026-07-02T21:16:56.353","lastModified":"2026-07-08T18:49:50.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibrary(L\"MSFTEDIT.DLL\") with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or another preferred DLL search location and achieve arbitrary code execution in the context of the user when the About dialog is opened."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:42:46.409319Z","id":"CVE-2026-38972","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rizonesoft:notepad3:*:*:*:*:*:*:*:*","versionEndIncluding":"6.25.822.1","matchCriteriaId":"35948CE1-8CB5-4879-A6FC-482FD123643E"}]}]}],"references":[{"url":"https://github.com/rizonesoft/Notepad3","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/rizonesoft/Notepad3/issues/5605","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/rizonesoft/Notepad3/pull/5606","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rizonesoft/Notepad3/issues/5605","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2026-12413","sourceIdentifier":"d42dc95b-23f1-4e06-9076-20753a0fb0df","published":"2026-07-02T22:16:42.517","lastModified":"2026-07-08T18:52:42.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected."}],"affected":[{"source":"d42dc95b-23f1-4e06-9076-20753a0fb0df","affectedData":[{"vendor":"The Libreswan Project","product":"libreswan","defaultStatus":"unaffected","versions":[{"version":"4.6","lessThanOrEqual":"5.3","versionType":"semver","status":"affected"},{"version":"5.3.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"d42dc95b-23f1-4e06-9076-20753a0fb0df","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:12:21.499364Z","id":"CVE-2026-12413","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"d42dc95b-23f1-4e06-9076-20753a0fb0df","type":"Secondary","description":[{"lang":"en","value":"CWE-193"},{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*","versionStartIncluding":"4.6","versionEndExcluding":"5.3.1","matchCriteriaId":"535F926A-021B-40BB-929F-618252622EAB"}]}]}],"references":[{"url":"https://libreswan.org/security/CVE-2026-12413/","source":"d42dc95b-23f1-4e06-9076-20753a0fb0df","tags":["Vendor Advisory"]},{"url":"https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt","source":"d42dc95b-23f1-4e06-9076-20753a0fb0df","tags":["Vendor Advisory","Mitigation"]}]}},{"cve":{"id":"CVE-2026-57100","sourceIdentifier":"secure@microsoft.com","published":"2026-07-02T23:16:51.267","lastModified":"2026-07-08T18:34:25.597","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"secure@microsoft.com","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network."}],"affected":[{"source":"secure@microsoft.com","affectedData":[{"vendor":"Microsoft","product":"Microsoft Entra Provisioning Service","versions":[{"version":"-","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-57100","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secure@microsoft.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:entra_provisioning_service:-:*:*:*:*:*:*:*","matchCriteriaId":"4DA622DA-A98B-42D4-B57C-EB8175EE4264"}]}]}],"references":[{"url":"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57100","source":"secure@microsoft.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-47897","sourceIdentifier":"security@apache.org","published":"2026-07-03T08:16:24.817","lastModified":"2026-07-08T18:29:03.233","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library).\n\nThis issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018.\n\nUsers are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Lucene.Net","defaultStatus":"unaffected","collectionURL":"https://www.nuget.org","packageName":"Lucene.Net.Replicator","versions":[{"version":"4.8.0-beta00005","lessThan":"4.8.0-beta00018","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:L/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:31:12.886478Z","id":"CVE-2026-47897","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*","matchCriteriaId":"79E25A9C-01FC-44B3-9A5E-F5E1D3CFADD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*","matchCriteriaId":"7553B675-B9BE-4969-81F4-0757F91478CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*","matchCriteriaId":"1405236D-970D-4879-A98C-87693C758494"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*","matchCriteriaId":"07188547-C926-4937-87E9-23546E2EABFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*","matchCriteriaId":"74865A6E-42F5-4C8E-9159-63240AE55BAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*","matchCriteriaId":"EC844BB8-F736-4DFD-9410-E45558F112B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*","matchCriteriaId":"C4FB017B-3FE4-4272-AB5C-292F4833BD81"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*","matchCriteriaId":"5882F11D-D145-46D3-8740-D4336E34F323"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*","matchCriteriaId":"24AD241C-97F8-4F93-811C-99E707E2B0E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*","matchCriteriaId":"2E363C64-EE85-4302-8D26-71B11D8B9B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*","matchCriteriaId":"FB9EB424-2545-4B57-8284-68AD0E57A92A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*","matchCriteriaId":"B8B783C0-35FD-433D-A597-3B2B3B5E190A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00017:*:*:*:*:*:*","matchCriteriaId":"F46E0873-4467-44E8-A8EF-FB805DDF512B"}]}]}],"references":[{"url":"https://lists.apache.org/thread/on1j3zmvgtf8n9fw78z3lyf6dn94p5zc","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/03/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47898","sourceIdentifier":"security@apache.org","published":"2026-07-03T08:16:24.977","lastModified":"2026-07-08T18:25:07.617","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis.Common library).\n\nThis issue affects Apache Lucene.Net.Analysis.Common: from 4.8.0-beta00005 before 4.8.0-beta00018.\n\nUsers are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Lucene.Net","defaultStatus":"unaffected","collectionURL":"https://www.nuget.org","packageName":"Lucene.Net.Analysis.Common","versions":[{"version":"4.8.0-beta00005","lessThan":"4.8.0-beta00018","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:32:16.370064Z","id":"CVE-2026-47898","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*","matchCriteriaId":"79E25A9C-01FC-44B3-9A5E-F5E1D3CFADD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*","matchCriteriaId":"7553B675-B9BE-4969-81F4-0757F91478CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*","matchCriteriaId":"1405236D-970D-4879-A98C-87693C758494"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*","matchCriteriaId":"07188547-C926-4937-87E9-23546E2EABFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*","matchCriteriaId":"74865A6E-42F5-4C8E-9159-63240AE55BAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*","matchCriteriaId":"EC844BB8-F736-4DFD-9410-E45558F112B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*","matchCriteriaId":"C4FB017B-3FE4-4272-AB5C-292F4833BD81"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*","matchCriteriaId":"5882F11D-D145-46D3-8740-D4336E34F323"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*","matchCriteriaId":"24AD241C-97F8-4F93-811C-99E707E2B0E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*","matchCriteriaId":"2E363C64-EE85-4302-8D26-71B11D8B9B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*","matchCriteriaId":"FB9EB424-2545-4B57-8284-68AD0E57A92A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*","matchCriteriaId":"B8B783C0-35FD-433D-A597-3B2B3B5E190A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00017:*:*:*:*:*:*","matchCriteriaId":"F46E0873-4467-44E8-A8EF-FB805DDF512B"}]}]}],"references":[{"url":"https://lists.apache.org/thread/7yn9k6sbbsk18yco5y2hszpcf8dst489","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/03/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-47896","sourceIdentifier":"security@apache.org","published":"2026-07-03T09:16:37.397","lastModified":"2026-07-08T15:04:21.570","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene.Net (Lucene.Net.Replicator library).\n\nThis issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 through 4.8.0-beta00017.\n\nUsers are recommended to upgrade to version 4.8.0-beta00018, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Lucene.Net","defaultStatus":"unaffected","collectionURL":"https://www.nuget.org","packageName":"Lucene.Net.Replicator","versions":[{"version":"4.8.0-beta00005","lessThan":"4.8.0-beta00018","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:L/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"YES","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T17:30:40.261299Z","id":"CVE-2026-47896","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00005:*:*:*:*:*:*","matchCriteriaId":"79E25A9C-01FC-44B3-9A5E-F5E1D3CFADD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00006:*:*:*:*:*:*","matchCriteriaId":"7553B675-B9BE-4969-81F4-0757F91478CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00007:*:*:*:*:*:*","matchCriteriaId":"1405236D-970D-4879-A98C-87693C758494"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00008:*:*:*:*:*:*","matchCriteriaId":"07188547-C926-4937-87E9-23546E2EABFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00009:*:*:*:*:*:*","matchCriteriaId":"74865A6E-42F5-4C8E-9159-63240AE55BAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00010:*:*:*:*:*:*","matchCriteriaId":"EC844BB8-F736-4DFD-9410-E45558F112B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00011:*:*:*:*:*:*","matchCriteriaId":"C4FB017B-3FE4-4272-AB5C-292F4833BD81"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00012:*:*:*:*:*:*","matchCriteriaId":"5882F11D-D145-46D3-8740-D4336E34F323"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00013:*:*:*:*:*:*","matchCriteriaId":"24AD241C-97F8-4F93-811C-99E707E2B0E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00014:*:*:*:*:*:*","matchCriteriaId":"2E363C64-EE85-4302-8D26-71B11D8B9B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00015:*:*:*:*:*:*","matchCriteriaId":"FB9EB424-2545-4B57-8284-68AD0E57A92A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00016:*:*:*:*:*:*","matchCriteriaId":"B8B783C0-35FD-433D-A597-3B2B3B5E190A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:lucene.net:4.8.0:beta00017:*:*:*:*:*:*","matchCriteriaId":"F46E0873-4467-44E8-A8EF-FB805DDF512B"}]}]}],"references":[{"url":"https://lists.apache.org/thread/7y9gbt17p55fh1zltks4pnh719wq9sqt","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/03/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-26355","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:02.320","lastModified":"2026-07-08T19:34:55.017","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-26355","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.1.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"C7291573-9C79-45AA-9675-18274FA52BAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.6.1.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"54CE0223-C1DD-448E-86DE-CF95EF6FBA48"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41123","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:10.720","lastModified":"2026-07-08T19:34:50.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.7.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:26:02.368915Z","id":"CVE-2026-41123","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-41124","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:10.837","lastModified":"2026-07-08T19:34:04.767","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:34:01.090466Z","id":"CVE-2026-41124","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44268","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:15.750","lastModified":"2026-07-08T19:33:14.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.7.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:21:24.648770Z","id":"CVE-2026-44268","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.6.1.10","matchCriteriaId":"1717B5B3-E190-4BE6-AAFC-CE0924D8497E"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-44269","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:15.870","lastModified":"2026-07-08T19:33:08.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.7.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:04:46.583622Z","id":"CVE-2026-44269","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.6.1.10","matchCriteriaId":"1717B5B3-E190-4BE6-AAFC-CE0924D8497E"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46467","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:22.990","lastModified":"2026-07-08T19:33:06.270","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T02:13:54.066332Z","id":"CVE-2026-46467","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46468","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:23.110","lastModified":"2026-07-08T19:33:04.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:33:00.657796Z","id":"CVE-2026-46468","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46730","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:23.390","lastModified":"2026-07-08T19:32:43.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect authorization vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:14.044409Z","id":"CVE-2026-46730","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54483","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:29.507","lastModified":"2026-07-08T19:32:39.970","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.7.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:16.299487Z","id":"CVE-2026-54483","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.6.1.10","matchCriteriaId":"1717B5B3-E190-4BE6-AAFC-CE0924D8497E"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-56085","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T13:17:30.240","lastModified":"2026-07-08T19:32:34.597","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of uninitialized resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:28:54.811003Z","id":"CVE-2026-56085","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-908"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46463","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T14:16:29.660","lastModified":"2026-07-08T19:32:28.133","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:28:04.886427Z","id":"CVE-2026-46463","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46464","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T14:16:30.360","lastModified":"2026-07-08T19:32:24.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access ('Link following') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T02:14:56.590648Z","id":"CVE-2026-46464","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46465","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T14:16:30.473","lastModified":"2026-07-08T19:32:19.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of externally-controlled format string vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and denial of service."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T16:29:00.503730Z","id":"CVE-2026-46465","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-134"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46466","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T14:16:30.593","lastModified":"2026-07-08T19:32:15.503","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an use of less trusted source vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information tampering."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T14:18:31.419001Z","id":"CVE-2026-46466","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-348"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49813","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T15:16:32.487","lastModified":"2026-07-08T19:32:10.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T03:56:07.469282Z","id":"CVE-2026-49813","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49814","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T15:16:32.610","lastModified":"2026-07-08T19:32:07.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-49814","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-49815","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T15:16:32.720","lastModified":"2026-07-08T19:32:01.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to execution of arbitrary OS commands."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-49815","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53478","sourceIdentifier":"security_alert@emc.com","published":"2026-07-03T15:16:32.840","lastModified":"2026-07-08T19:31:54.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to command execution."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThanOrEqual":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThanOrEqual":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThanOrEqual":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-53478","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndIncluding":"7.13.1.70","matchCriteriaId":"D81B827B-47D1-4856-ABEE-7FDB8599AD42"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.3.1.30","matchCriteriaId":"3A1E837C-2175-494D-8C20-EB25AE30F07F"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndIncluding":"8.7.0.0","matchCriteriaId":"FFF0094F-0C71-461F-9760-E9E0AB269FE1"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-12481","sourceIdentifier":"security@huntr.dev","published":"2026-07-03T21:16:54.737","lastModified":"2026-07-08T15:01:47.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set to `None`, which is the default value when `from_config()` is called outside of a `SafeModeScope` context. This logic error conflates `None` (unset/default-deny) with `False` (explicitly disabled), bypassing the guard and allowing attacker-controlled `marshal` bytecode to be deserialized. Affected call sites include `keras.layers.deserialize(config)`, `keras.models.clone_model(model)`, and any direct invocation of `Lambda.from_config(config)` without an enclosing `SafeModeScope(True)`. This vulnerability can be exploited to achieve arbitrary OS-level code execution in the context of the server or user process."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"keras-team","product":"keras-team/keras","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T15:15:34.297007Z","id":"CVE-2026-12481","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keras:keras:3.14.0:*:*:*:*:*:*:*","matchCriteriaId":"5AB5B43D-0D41-4CBB-97B5-F5FE10D56689"}]}]}],"references":[{"url":"https://huntr.com/bounties/59ceaed1-c8a3-4135-8f94-169ade02823d","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/59ceaed1-c8a3-4135-8f94-169ade02823d","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-14355","sourceIdentifier":"security@php.net","published":"2026-07-03T21:16:55.783","lastModified":"2026-07-08T20:11:16.060","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without accounting for RFC 5649 expansion. This may cause OpenSSL to write beyond allocated memory, corrupting heap metadata and triggering application abort."}],"affected":[{"source":"security@php.net","affectedData":[{"vendor":"php","product":"php","defaultStatus":"affected","collectionURL":"https://www.php.net/","packageName":"openssl","modules":["ext/openssl"],"versions":[{"version":"8.2.0","lessThan":"8.2.32","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThan":"8.3.32","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThan":"8.4.23","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThan":"8.5.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@php.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T13:57:51.767008Z","id":"CVE-2026-14355","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@php.net","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.32","matchCriteriaId":"84838FE7-7252-4A91-B533-6DF96F7638E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0","versionEndExcluding":"8.3.32","matchCriteriaId":"BDE92322-4655-4D52-8130-0CEB76EE18B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0","versionEndExcluding":"8.4.23","matchCriteriaId":"7069BD62-FE98-468E-8BBE-6EE4AAA1770E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndExcluding":"8.5.8","matchCriteriaId":"594B2AC2-D4EE-47A0-A522-F64240A10583"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*","matchCriteriaId":"46D69DCC-AE4D-4EA5-861C-D60951444C6C"}]}]}],"references":[{"url":"https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr","source":"security@php.net","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/07/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-12252","sourceIdentifier":"security@huntr.dev","published":"2026-07-04T02:16:23.603","lastModified":"2026-07-08T15:01:20.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute them via the `java()` function, which invokes `subprocess.Popen()` without integrity verification. This vulnerability is identical to CVE-2026-0848, which was fixed for StanfordSegmenter by adding SHA256 verification. However, the fix was not applied to these additional classes, leaving them susceptible to arbitrary code execution when loading untrusted JAR files."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"nltk","product":"nltk/nltk","versions":[{"version":"unspecified","lessThanOrEqual":"latest","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:32:42.979501Z","id":"CVE-2026-12252","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nltk:nltk:*:*:*:*:*:*:*:*","versionEndIncluding":"3.9.3","matchCriteriaId":"E3C35863-7D82-4EEF-BDE8-E94C559CF4FB"}]}]}],"references":[{"url":"https://huntr.com/bounties/f5c93982-0cc9-4e2e-bb85-1b6ab29a2efb","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]},{"url":"https://huntr.com/bounties/f5c93982-0cc9-4e2e-bb85-1b6ab29a2efb","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-10656","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-07-05T23:16:52.730","lastModified":"2026-07-08T14:59:33.740","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The MAX32xxx USB device controller driver (drivers/usb/udc/udc_max32.c, compatible adi_max32_usbhs) dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udc_event_xfer_out_done() called net_buf_add(buf, ep_request->actlen) immediately after buf = udc_buf_get(ep_cfg), where udc_buf_get() returns NULL when the endpoint FIFO is empty. A transfer-completion event is queued from interrupt context and processed asynchronously by the driver thread; between queuing and processing, the endpoint FIFO can be drained by host-controlled control flow — in particular udc_setup_received() drains the EP0 OUT/IN FIFOs whenever a new SETUP packet arrives, and dequeue/disable/purge paths drain it likewise. A USB host that aborts an in-flight EP0 control transfer with a new SETUP packet (legal USB behavior) can therefore cause a stale XFER_OUT_DONE event to be processed against an empty FIFO, producing net_buf_add(NULL, ...), a near-NULL pointer dereference that faults and crashes the device. No authentication is required; the attacker is the USB host the device is connected to (physical bus access). Impact is denial of service (device crash). The defect was introduced when the MAX32 UDC driver was added and shipped in Zephyr v4.4.0. The fix adds NULL-buffer checks that return early with UDC_EVT_ERROR/-ENOBUFS in both the OUT-done and IN-done handlers."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","versions":[{"version":"4.2.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:52:25.573518Z","id":"CVE-2026-10656","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.4.0","matchCriteriaId":"2333543A-2859-4C85-906B-FF6DBE95A355"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/a0d8f786559355fb3b38e34799e1ae491ba9545c","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-58p9-6mjq-rf2m","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-10657","sourceIdentifier":"vulnerabilities@zephyrproject.org","published":"2026-07-05T23:16:52.863","lastModified":"2026-07-08T14:55:01.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Zephyr's DNS resolver detects mDNS (.local) queries in dns_resolve_name_internal() (subsys/net/lib/dns/resolve.c) with memcmp(strrchr(query, '.'), \".local\", 7), which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes (e.g. names ending in .org, .com, .net, .io, or a trailing dot), the comparison reads 1-2 bytes past the string's NUL terminator. The hostname (query) is the caller-supplied name passed through the standard getaddrinfo()/dns_get_addr_info()/dns_resolve_name() path and is influenceable by operators or remote inputs (server names from configuration, parsed URLs, or app-facing interfaces). On a tightly-sized buffer with no slack (for example a userspace getaddrinfo call where the hostname is copied with k_usermode_string_alloc_copy to exactly strlen+1 bytes), the over-read crosses the allocation boundary; if that boundary is unmapped (guard page, memory-domain boundary under MPU, or an address sanitizer) the over-read faults, causing a denial of service. The over-read bytes are never returned, so there is no information disclosure. The flaw is compiled only when CONFIG_MDNS_RESOLVER is enabled, exists since v1.10.0, and is fixed by replacing the fixed-length memcmp with a NUL-safe strcmp(ptr, \".local\")."}],"affected":[{"source":"vulnerabilities@zephyrproject.org","affectedData":[{"vendor":"zephyrproject","product":"zephyr","defaultStatus":"unaffected","collectionURL":"https://github.com/zephyrproject-rtos/zephyr","packageName":"zephyr","versions":[{"version":"1.10.0","lessThan":"4.5.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:51:45.471859Z","id":"CVE-2026-10657","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vulnerabilities@zephyrproject.org","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*","versionStartIncluding":"1.10.0","versionEndIncluding":"4.4.0","matchCriteriaId":"6E12BDC8-E574-4145-B8B8-F647CC5EB913"}]}]}],"references":[{"url":"https://github.com/zephyrproject-rtos/zephyr/commit/448a21da12c9ea28f7fd12c6894e03a987b17a27","source":"vulnerabilities@zephyrproject.org","tags":["Patch"]},{"url":"https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-76jh-3j5f-9vq4","source":"vulnerabilities@zephyrproject.org","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-40047","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:35.377","lastModified":"2026-07-08T15:06:53.087","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component.\n\nThe camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through traversal sequences not caught by the literal `../` check. Because Camel itself builds the `docling` invocation from these values, the component is responsible for constraining them, and the weak validation allowed CLI-argument injection and directory traversal in the arguments passed to the external tool. The invocation uses the list-based form of ProcessBuilder, so a shell does not interpret the argument values; OS command injection through shell metacharacters was not possible, and the metacharacter rejection added by the fix is defense-in-depth.\nThis issue affects Apache Camel: from 4.15.0 before 4.18.3.\n\nUsers are recommended to upgrade to a release that contains the CAMEL-23212 fix. On the mainline the fix is included from Apache Camel 4.19.0 (and later releases such as 4.20.0). For users on the 4.18.x LTS releases stream, upgrade to 4.18.3. The fix replaces the denylist with a strict allowlist of recognized `docling` CLI flags (rejecting any unrecognized flag, and rejecting producer-managed flags such as the output-directory flags), defensively rejects shell metacharacters in argument values, and normalizes path-like values with Path.normalize() before validating them so that traversal sequences which bypass a literal `../` check are detected. As defence in depth, route authors should avoid mapping untrusted message content into the `CamelDoclingCustomArguments` header and the path-bearing headers, and should strip Camel-internal headers from messages that arrive from untrusted producers."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-docling","versions":[{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:48:56.576065Z","id":"CVE-2026-40047","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-88"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-40047.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46584","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:36.927","lastModified":"2026-07-08T15:06:26.423","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component.\n\nThe camel-mail producer (MailProducer.getSender) scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present, built a per-message JavaMail sender with those values applied as JavaMail session properties, overriding the endpoint configuration. This namespace is Camel-internal - only MailProducer interprets it - and was not blocked by any HeaderFilterStrategy, so the values could originate from any inbound protocol (for example platform-http query parameters or request headers, or JMS / Kafka messages from untrusted producers) that feeds a route ending in an smtp / smtps producer without an intervening removeHeaders. The maximal impact is version-dependent: on releases before 4.19.0, setting mail.smtp.host redirects the SMTP connection to a server under the attacker's control, and because the producer then authenticates with the endpoint's configured username and password those credentials are transmitted to the attacker; on 4.19.0 and later the producer connects to the endpoint's configured host explicitly, so the reachable impact is limited to weakening transport security (for example mail.smtp.ssl.trust, mail.smtp.starttls.enable or mail.smtp.socks.host) and interception of the outgoing message rather than host redirect. Exploitation requires a route that channels untrusted input into the mail producer without stripping the namespace.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, the per-message override is disabled by default; enable it only on trusted endpoints with useJavaMailSessionPropertiesFromHeaders=true. For deployments that cannot upgrade immediately, strip the namespace before the mail producer with removeHeaders('mail.smtp.*') and removeHeaders('mail.smtps.*') between any untrusted ingress and the smtp / smtps producer. Even with the opt-in enabled, route authors should still strip the namespace on any path that carries untrusted input."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Mail","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-mail","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"r","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:25:21.574867Z","id":"CVE-2026-46584","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46584.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46585","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.030","lastModified":"2026-07-08T15:06:03.840","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\n\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route's intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader('QUERY') and removeHeader('RETURN_LUCENE_DOCS'), then setHeader('QUERY', constant(...)) at the start of the route)."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Lucene","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-lucene","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:24:25.722933Z","id":"CVE-2026-46585","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46585.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46590","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.147","lastModified":"2026-07-08T15:05:34.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Deserialization of Untrusted Data vulnerability in Apache Camel PQC component.\n\nThe camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadata back from the configured secret backend by deserializing a Base64-wrapped value with a raw java.io.ObjectInputStream.readObject() and no ObjectInputFilter or class allow-list; the cast to KeyMetadata happens only after readObject() returns, so any readObject() side effects in a crafted object run before the type check. The same unfiltered legacy-migration read also remained in FileBasedKeyLifecycleManager (for the stored KeyPair and KeyMetadata). A principal who can write to the operator-controlled backend that holds these values - the HashiCorp Vault KV path, or the AWS Secrets Manager secret (requiring a Vault token or secretsmanager:PutSecretValue) - could store a crafted serialized object that is deserialized during normal key-lifecycle operations, potentially leading to code execution in the context of the application that manages the keys. This is an incomplete-remediation follow-on to CVE-2026-40048 (CAMEL-23200), which changed FileBasedKeyLifecycleManager to store metadata as JSON / PKCS#8 / X.509 but did not add an ObjectInputFilter, did not cover the Vault and AWS sibling managers, and left FileBasedKeyLifecycleManager's own legacy-migration deserialization unfiltered.\nThis issue affects Apache Camel: from 4.18.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, restrict write access to the key backend so that only the application's own identity can write the camel-pqc secrets (least-privilege HashiCorp Vault policies and secretsmanager:PutSecretValue IAM), and keep the PQC key material in a backend separate from any data that less-trusted principals can write."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-pqc","versions":[{"version":"4.18.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:15:54.431681Z","id":"CVE-2026-46590","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.18.0","versionEndExcluding":"4.18.3","matchCriteriaId":"3F672322-AA52-4621-B687-76B5AC9D619F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46590.html","source":"security@apache.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46591","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.263","lastModified":"2026-07-08T15:05:01.700","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component.\n\nThe camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection through the property values by binding them as query parameters ($paramN), but the property names (the JSON keys of that map) were still concatenated into the query string verbatim in Neo4jProducer.retrieveNodes() and deleteNode(). A property name containing Cypher syntax therefore alters the structure of the executed query. Where a route maps untrusted input into the CamelNeo4jMatchProperties map - for example by passing a request body as the match map, or from a consumer that does not filter inbound Camel* headers - an attacker who controls the JSON key names can inject arbitrary Cypher and read, modify or delete any node or relationship in the Neo4j database. The CamelNeo4jMatchProperties header is itself Camel-prefixed and is filtered by the HTTP header-filter strategy, so a plain HTTP client cannot set it directly; the issue is reachable through routes that deliberately or inadvertently carry untrusted data into that header.\nThis issue affects Apache Camel: from 4.10.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, do not populate the CamelNeo4jMatchProperties map from untrusted input: validate or allow-list the property names (for example against ^[A-Za-z_][A-Za-z0-9_]*$) before the Neo4j producer, and ensure that any consumer feeding such a route filters inbound Camel* / camel* headers so the match header cannot be supplied by an external sender."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-neo4j","versions":[{"version":"4.10.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:20:49.095923Z","id":"CVE-2026-46591","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-943"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10.0","versionEndExcluding":"4.14.8","matchCriteriaId":"CD453DD1-65B8-49D0-BB84-3D585163C326"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46591.html","source":"security@apache.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46592","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.380","lastModified":"2026-07-08T14:54:24.890","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component.\n\nThe camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName (and operationNamespace) Exchange header, whose constant values (CxfConstants.OPERATION_NAME / OPERATION_NAMESPACE) were the plain strings operationName / operationNamespace. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a cxf: producer, any HTTP client could therefore set the operationName header and have CxfProducer resolve and invoke a different WSDL operation than the route intended - for example replacing a read operation with a destructive one - against the backend SOAP service (a confused-deputy redirection). The constant is defined in the shared camel-cxf-common module, so the same non-prefixed names also applied to camel-cxfrs. No credentials are required when the bridging consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, the operation-selection headers are named CamelCxfOperationName / CamelCxfOperationNamespace and are filtered at transport boundaries; see the 4.21 upgrade guide for the cross-transport carrier-header pattern. For deployments that cannot upgrade immediately, do not select the CXF operation from untrusted input: strip the operationName and operationNamespace headers from any untrusted ingress before the cxf: producer and set the operation from a trusted source in the route."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-cxf-soap","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:19:37.827133Z","id":"CVE-2026-46592","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-441"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46592.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46726","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:37.503","lastModified":"2026-07-08T14:54:13.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component.\n\nThe camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header map without applying any HeaderFilterStrategy (VertxWebsocketConsumer.populateExchangeHeaders()). Because nothing blocked the Camel header namespace, a client connecting to the WebSocket endpoint could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as query parameters. In a route where the WebSocket consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. When the WebSocket endpoint is exposed without authentication, this is reachable by an unauthenticated remote attacker.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix makes the affected consumers apply a HeaderFilterStrategy that filters the Camel header namespace case-insensitively on inbound mapping, so externally-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from the inbound message before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), require authentication on the WebSocket endpoint, and avoid bridging an untrusted consumer directly into an HTTP producer whose target URI can be driven from message headers."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Vertx Websocket","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-vertx-websocket","versions":[{"version":"4.0.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:18:45.331627Z","id":"CVE-2026-46726","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46726.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49086","sourceIdentifier":"security@apache.org","published":"2026-07-06T09:16:38.120","lastModified":"2026-07-08T14:53:56.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel DAPR component.\n\nThe camel-dapr Dapr Pub/Sub consumer (DaprPubSubConsumer) copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the CamelDaprPubSubName and CamelDaprTopic Exchange headers. These two headers are producer-direction routing headers: when the route republishes through a Dapr producer, DaprConfigurationOptionsProxy reads them back and prefers them over the destination configured on the endpoint. As a result, in a route that consumes from one Dapr Pub/Sub topic and republishes to another (for example from('dapr-pubsub:p:t').to('dapr-pubsub:p:other')), an actor able to publish a message to the subscribed topic could set the CloudEvent's pub/sub-name and topic to values of their choosing and cause the re-published message to be delivered to an arbitrary Dapr Pub/Sub component and topic instead of the configured destination - redirecting or exfiltrating the message and bypassing the route's intended routing and any topic-level access controls in the underlying broker. Exploitation requires the ability to publish to the topic the route subscribes to; no other authentication or user interaction is needed.\nThis issue affects Apache Camel: from 4.12.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. For deployments that cannot upgrade immediately, remove the CamelDaprPubSubName and CamelDaprTopic headers from the Exchange between the Dapr consumer and any Dapr producer in the route (for example removeHeaders('CamelDaprPubSubName', 'CamelDaprTopic')), and restrict who can publish to the subscribed Dapr Pub/Sub topic so that only trusted producers can send to it."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel Dapr","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.camel:camel-dapr","versions":[{"version":"4.12.0","lessThan":"4.14.8","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThan":"4.18.3","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThan":"4.21.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:04:19.786692Z","id":"CVE-2026-49086","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-441"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12.0","versionEndExcluding":"4.14.8","matchCriteriaId":"E11116FE-0265-47C9-BF4E-C129E050E736"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-49086.html","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/05/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46587","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:28.677","lastModified":"2026-07-08T14:38:17.680","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.14.7","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThanOrEqual":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThanOrEqual":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:39:16.885479Z","id":"CVE-2026-46587","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46587.html","source":"security@apache.org","tags":["Vendor Advisory","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-46588","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:28.777","lastModified":"2026-07-08T14:38:22.180","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.14.7","versionType":"semver","status":"affected"},{"version":"4.15.0","lessThanOrEqual":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThanOrEqual":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:37:28.968816Z","id":"CVE-2026-46588","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.14.8","matchCriteriaId":"7662EB25-EAB6-493F-924C-5CA8A6F462B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.18.3","matchCriteriaId":"0AEE4159-4465-4ACD-B94A-1E4682C85270"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-46588.html","source":"security@apache.org","tags":["Vendor Advisory","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49042","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:29.607","lastModified":"2026-07-08T14:38:10.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Input Validation vulnerability in Apache Camel.\n\nThis issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0.\n\nUsers are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Camel","defaultStatus":"unaffected","versions":[{"version":"4.8.0","lessThanOrEqual":"4.18.2","versionType":"semver","status":"affected"},{"version":"4.19.0","lessThanOrEqual":"4.20.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T18:39:58.115864Z","id":"CVE-2026-49042","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.0","versionEndExcluding":"4.18.3","matchCriteriaId":"E24A874B-2B0D-4B55-A6E7-4865E7B13ED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.0","versionEndExcluding":"4.21.0","matchCriteriaId":"1C2A1A7A-FADC-470F-8265-FA126AFD94ED"}]}]}],"references":[{"url":"https://camel.apache.org/security/CVE-2026-49042.html","source":"security@apache.org","tags":["Vendor Advisory","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49297","sourceIdentifier":"security@apache.org","published":"2026-07-06T11:16:30.207","lastModified":"2026-07-08T14:53:39.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Airflow Google provider","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"apache-airflow-providers-google","versions":[{"version":"0","lessThan":"22.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:25:48.763029Z","id":"CVE-2026-49297","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:apache-airflow-providers-google:*:*:*:*:*:*:*:*","versionEndExcluding":"22.2.1","matchCriteriaId":"6CAFC50E-13FD-4AFB-8556-D9EE695D5A18"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67667","source":"security@apache.org","tags":["Exploit","Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/cb5nvoxsj1q7rv878cyqgtg150w0zglq?users@airflow.apache.org","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/04/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-43825","sourceIdentifier":"security@apache.org","published":"2026-07-06T17:16:31.570","lastModified":"2026-07-08T19:46:24.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel\n\nVersions Affected:\n  before 3.0.0-M4 (libsvm document categorization module; introduced in\n  OPENNLP-1808 and only present on the 3.x line)\n\nDescription:\nSvmDoccatModel.deserialize(InputStream) reads an attacker-controlled\nstream with java.io.ObjectInputStream and calls readObject() without an\nObjectInputFilter installed. ObjectInputStream materialises every class\nreferenced in the stream before the resulting object is cast to\nSvmDoccatModel, so the cast that follows readObject() executes only\nafter the foreign object graph has already been deserialised in full.\n\nIf a Java deserialization gadget chain is available on the consumer's\nclasspath, a crafted payload supplied to\ndeserialize() executes arbitrary code in the JVM that loads it. Apache\nOpenNLP itself does not ship a known gadget chain, so the realistic\nrisk is to downstream applications that embed the libsvm module\nalongside vulnerable transitive dependencies. The method is public and\nstatic, so any caller can pass an untrusted stream to it directly.\n\nThe practical impact is remote code execution against processes that\nload SvmDoccatModel instances from untrusted or semi-trusted origins.\n\nMitigation:\n\n3.x users should upgrade to 3.0.0-M4.\n\nUsers who cannot upgrade immediately should treat all serialized\nSvmDoccatModel streams as untrusted input unless their provenance is\nverified, and should avoid invoking SvmDoccatModel.deserialize() on\nstreams supplied by end users or fetched from third-party sources\nwithout integrity checks."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache OpenNLP :: Core :: ML :: LibSVM","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.opennlp:opennlp-ml-libsvm","versions":[{"version":"3.0.0-M1","lessThan":"3.0.0-M4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:11:49.058504Z","id":"CVE-2026-43825","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:opennlp:3.0.0:m1:*:*:*:*:*:*","matchCriteriaId":"57E14048-91DB-4673-9A7B-B15675B3994A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:opennlp:3.0.0:m2:*:*:*:*:*:*","matchCriteriaId":"2E738486-C0BD-4FDB-8880-DBC2BA4C0D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:opennlp:3.0.0:m3:*:*:*:*:*:*","matchCriteriaId":"FB9FDE8C-5093-4106-99EA-D1C273B81D21"}]}]}],"references":[{"url":"https://lists.apache.org/thread/c7kom0pgk9cbpfnbooh5m3g85ndf50hn","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/06/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-9181","sourceIdentifier":"psirt@esri.com","published":"2026-07-06T19:17:09.553","lastModified":"2026-07-08T15:16:32.720","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this issue can allow full administrative access to ArcGIS Server, with high impact to confidentiality, integrity, and availability. This issue impacts all versions of ArcGIS Server on Windows and Linux 12.0 and prior. This issue does not impact ArcGIS Enterprise for Kubernetes."}],"affected":[{"source":"psirt@esri.com","affectedData":[{"vendor":"Esri","product":"ArcGIS Server","defaultStatus":"unaffected","platforms":["Windows","Linux"],"versions":[{"version":"0","lessThanOrEqual":"12.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-9181","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@esri.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*","versionEndIncluding":"12.0","matchCriteriaId":"C61890F4-51DC-4DC5-8993-4C9D2CA0099A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/may-2026-arcgis-security-bulletin","source":"psirt@esri.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-9182","sourceIdentifier":"psirt@esri.com","published":"2026-07-06T19:17:09.680","lastModified":"2026-07-08T16:16:35.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts all versions of ArcGIS Server on Windows and Linux 12.0 and prior. This issue does not impact ArcGIS Enterprise for Kubernetes."}],"affected":[{"source":"psirt@esri.com","affectedData":[{"vendor":"Esri","product":"ArcGIS Server","defaultStatus":"unaffected","platforms":["Windows","Linux"],"versions":[{"version":"0","lessThanOrEqual":"12.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@esri.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T19:21:40.781968Z","id":"CVE-2026-9182","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@esri.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:*","versionEndIncluding":"12.0","matchCriteriaId":"C61890F4-51DC-4DC5-8993-4C9D2CA0099A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/may-2026-arcgis-security-bulletin","source":"psirt@esri.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-11405","sourceIdentifier":"cret@cert.org","published":"2026-07-06T20:16:29.450","lastModified":"2026-07-08T14:16:54.773","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function at 004c88b8.\r\n\r\n- The function contains a normal authentication path using MD5/hash-based password verification (prod_encode64/PasswordToMd5/check_rand_key).\r\n- After normal authentication fails, it calls GetValue(\"sys.rzadmin.password\") to read a backdoor password from the device configuration.\r\n- It performs a direct strcmp() comparison (plaintext, not hashed) between the config value and the user-supplied password.\r\n\r\nA successful match grants role=2 (admin-level access) and creates a valid session. The rzadmin username is never checked — any username works with the backdoor"}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_AC6V2.0RTL_V15.03.06.51_multi_T","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_AC5V1.0RTL_V15.03.06.48_multi_TDE01","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_AC10V1.0re_V15.03.06.46_multi_TDE01","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE","status":"affected"}]},{"vendor":"Tenda","product":"firmware","versions":[{"version":"US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T03:56:43.961536Z","id":"CVE-2026-11405","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://cwe.mitre.org/data/definitions/912.html","source":"cret@cert.org"},{"url":"https://kb.cert.org/vuls/id/213560","source":"cret@cert.org"},{"url":"https://www.kb.cert.org/vuls/id/213560","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-48267","sourceIdentifier":"psirt@adobe.com","published":"2026-07-06T21:16:56.223","lastModified":"2026-07-08T19:42:40.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DNG SDK versions 1.7.1 2536 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"affected":[{"source":"psirt@adobe.com","affectedData":[{"vendor":"Adobe","product":"DNG SDK","defaultStatus":"affected","versions":[{"version":"0","lessThanOrEqual":"1.7.1 2536","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:43:39.490277Z","id":"CVE-2026-48267","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*","versionEndExcluding":"1.7.1.2611","matchCriteriaId":"EB12F01C-B3CE-4C78-8974-8E1F27294CBA"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/dng-sdk/apsb26-67.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-50135","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:56.347","lastModified":"2026-07-08T14:53:04.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made  RootMappingFs.statRoot  use  Stat  (follows symlinks) instead of  Lstat , so a direct  resources.Get  of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount (e.g. a vendored  themes/  theme) read arbitrary files accessible to the Hugo user. Go-module themes from GitHub (symlinks stripped) and directory walks were unaffected. Fixed in 0.162.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"gohugoio","product":"hugo","versions":[{"version":">= 0.123.0, < 0.162.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:52:31.351209Z","id":"CVE-2026-50135","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gohugo:hugo:*:*:*:*:*:*:*:*","versionStartIncluding":"0.123.0","versionEndExcluding":"0.161.1","matchCriteriaId":"C293B2BB-CA8A-4ECD-9674-943C0196A0A1"}]}]}],"references":[{"url":"https://github.com/gohugoio/hugo/commit/f8b5fa09a64950c32b803821ede411ebfe772b7a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/gohugoio/hugo/releases/tag/v0.162.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/gohugoio/hugo/security/advisories/GHSA-fw87-fv5r-9fpw","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54763","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:56.787","lastModified":"2026-07-08T20:16:52.803","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which many backends normalize identically to dashed forms. An attacker able to reach a protected route can inject an underscore-variant header that survives Traefik's stripping and reaches the backend alongside, or on the unauthenticated ForwardAuth authResponseHeaders path instead of, the value Traefik intended to set, spoofing identity or authorization context. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"traefik","product":"traefik","versions":[{"version":"< 2.11.51","status":"affected"},{"version":">= 3.0.0-beta1, < 3.6.22","status":"affected"},{"version":">= 3.7.0-ea.1, < 3.7.6","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:13:29.094037Z","id":"CVE-2026-54763","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-178"},{"lang":"en","value":"CWE-290"},{"lang":"en","value":"CWE-345"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.51","matchCriteriaId":"5AEF8E00-6A9F-4F16-BEC2-9CCF183AC647"},{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.6.22","matchCriteriaId":"A035A58C-BBD8-4E57-B6F3-A42E2F9CC4BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.0","versionEndExcluding":"3.7.6","matchCriteriaId":"359A11C2-8FAA-436F-BB24-C2B166473FDC"}]}]}],"references":[{"url":"https://github.com/traefik/traefik/commit/108a5264473a2cbc8f12d6d691a3c6553cdf2c1b","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/traefik/traefik/pull/13262","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/traefik/traefik/security/advisories/GHSA-x677-9fxg-v5c5","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-57572","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T21:16:58.047","lastModified":"2026-07-08T20:16:53.567","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together with --no-zygote, causing Chromium to fork or exec an attacker-controlled command as the container's runtime user. The Docker API is unauthenticated by default, so a single request yields arbitrary command execution. This issue is fixed in version 0.9.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"unclecode","product":"crawl4ai","versions":[{"version":"< 0.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:13:03.306047Z","id":"CVE-2026-57572","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-88"},{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kidocode:crawl4ai:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.0","matchCriteriaId":"E7ED5B79-F478-4E2C-B384-BA572D992FAA"}]}]}],"references":[{"url":"https://github.com/unclecode/crawl4ai/commit/60886d1a0c52682e4c83a7cef9dfac417fff6bd2","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/unclecode/crawl4ai/security/advisories/GHSA-r253-r9jw-qg44","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-34167","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:48.497","lastModified":"2026-07-08T20:16:48.697","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property without Livewire's #[Locked] attribute. It loads activities via Activity::find($this->activityId) with no authorization or team scoping. Activity IDs are auto-incrementing integers. Any authenticated user can enumerate activity records across all teams and read the full command output from remote SSH processes, which may include secrets, configuration files, and infrastructure details. This issue is fixed in version 4.0.0-beta.471."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coollabsio","product":"coolify","versions":[{"version":"< 4.0.0-beta.471","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:14:55.507572Z","id":"CVE-2026-34167","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/coollabsio/coolify/commit/2729dffb3e30167c1ffd642357b7e0bb99b7d180","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/pull/9189","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/releases/tag/v4.0.0-beta.471","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-962v-gxmw-56hc","source":"security-advisories@github.com"},{"url":"https://github.com/coollabsio/coolify/security/advisories/GHSA-962v-gxmw-56hc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-43918","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T22:16:49.707","lastModified":"2026-07-08T20:16:49.663","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions are not invalidated. The session identity loaders in src/di.php (loggedin_client and loggedin_admin) only reject sessions if the backing account record no longer exists in the database. They do not verify that the account's status is still active. This allows a suspended or deactivated user to retain full access until their session naturally expires. This issue has been fixed in version 0.8.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":"< 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:13:53.682802Z","id":"CVE-2026-43918","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0","source":"security-advisories@github.com"},{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-qv6c-v49w-8g2j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53641","sourceIdentifier":"security-advisories@github.com","published":"2026-07-06T23:16:55.967","lastModified":"2026-07-08T20:16:52.437","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) vulnerability in the client-facing email history views of FOSSBilling. Email HTML content (`content_html`) is rendered into a JavaScript template literal using the `|raw` filter, bypassing all output escaping. An attacker with admin access can inject malicious JavaScript payloads into email content that execute in the browser of any client who views their email history. Version 0.8.0 contains a fix. Some workarounds are available. Restrict admin account access, audit email content in the database for suspicious payloads, and/or monitor client accounts for unusual activity."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"FOSSBilling","product":"FOSSBilling","versions":[{"version":">= 0.6.0, < 0.8.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:48:10.248215Z","id":"CVE-2026-53641","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"},{"lang":"en","value":"CWE-838"}]}],"references":[{"url":"https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-q6c8-6r72-35f7","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2024-56141","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T00:16:33.607","lastModified":"2026-07-08T20:16:46.777","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager  encryption routine ( CryptManager.kt ) initializes its AES cipher using an initialization vector (IV) that is set equal to the secret key rather than to a sufficiently random value. Because the IV is not random and is derived directly from the key, the encryption is vulnerable to chosen-ciphertext/chosen-plaintext attacks: an attacker who can submit specific messages for encryption can recover the secret key. This affects all versions supporting Minecraft protocol 1.7 and later. No patched version is available, and no known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"Bixilon","product":"Minosoft","versions":[{"version":">= f1ae30e2b046a490026a8413b075685deb795122","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T17:48:31.002750Z","id":"CVE-2024-56141","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-329"}]}],"references":[{"url":"https://github.com/Bixilon/Minosoft/blob/3a608abe2d0999e4e702cc1b2d28366884c7f31e/src/main/java/de/bixilon/minosoft/protocol/protocol/encryption/CryptManager.kt#L72","source":"security-advisories@github.com"},{"url":"https://github.com/Bixilon/Minosoft/security/advisories/GHSA-rvr6-48rj-c94j","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-13356","sourceIdentifier":"security@mozilla.org","published":"2026-07-07T00:16:34.063","lastModified":"2026-07-08T14:52:38.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3."}],"affected":[{"source":"security@mozilla.org","affectedData":[{"vendor":"Mozilla","product":"Firefox for iOS","versions":[{"version":"152.3","lessThanOrEqual":"*","versionType":"rpm","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:26:57.344345Z","id":"CVE-2026-13356","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-451"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"152.3","matchCriteriaId":"71042F58-3679-49B6-B19D-B7F7342C4A1B"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2047768","source":"security@mozilla.org","tags":["Permissions Required"]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-65/","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14345","sourceIdentifier":"security@wordfence.com","published":"2026-07-07T06:16:22.113","lastModified":"2026-07-08T18:16:32.003","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values into a PHP-includeable .log file combined with the use of include_once to render that file in wpfnl_show_log. This makes it possible for unauthenticated attackers to execute code on the server. Exploitation requires that the Log Settings \"Enable Logs\" toggle is on and that an administrator subsequently opens the polluted log file via the plugin's Log Settings View UI; however, the nonce required to reach the optin endpoint is publicly emitted on every funnel step page, so the injection step itself is fully unauthenticated."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"getwpfunnels","product":"WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.12.7","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:52:57.720625Z","id":"CVE-2026-14345","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/admin/modules/settings/class-wpfnl-settings.php#L709","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L39","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/includes/core/classes/class-wpfnl-ajax-handler.php#L523","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.5/public/class-wpfnl-public.php#L1185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/admin/modules/settings/class-wpfnl-settings.php#L709","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/includes/core/classes/class-wpfnl-ajax-handler.php#L39","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/includes/core/classes/class-wpfnl-ajax-handler.php#L523","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wpfunnels/tags/3.12.7/public/class-wpfnl-public.php#L1185","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3597260/wpfunnels/trunk/admin/modules/settings/class-wpfnl-settings.php","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpfunnels/tags/3.12.7&new_path=%2Fwpfunnels/tags/3.12.8","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d84d749-0ab5-49dd-8e4f-45681f197742?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-33264","sourceIdentifier":"security@apache.org","published":"2026-07-07T10:16:40.443","lastModified":"2026-07-08T19:37:10.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Users are advised to upgrade to `apache-airflow` 3.3.0 or later. As a defense-in-depth mitigation, deployments where DAG-author trust is limited can restrict the `[core] allowed_deserialization_classes` config to a narrow allowlist."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Airflow","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"apache-airflow","versions":[{"version":"0","lessThan":"3.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-33264","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"6E334749-0D93-4319-9286-B9AC590F4698"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/66002","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/apache/airflow/pull/68528","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/otvdw8qt2y7xy2n5nq9xby9ky4rf5ltj","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]}]}},{"cve":{"id":"CVE-2026-48828","sourceIdentifier":"security@apache.org","published":"2026-07-07T10:16:41.260","lastModified":"2026-07-08T19:26:11.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based `should_hide_value_for_key` check (which triggers on secret-suffixed key names like `*_password` / `*_token` / `*_secret`) could not fire for JSON-decodable variable values. An authenticated UI/API user with bulk Variable read permission could retrieve plaintext values from JSON variables whose key would otherwise trigger redaction. Affects deployments that store sensitive values in JSON-typed Airflow Variables under secret-suffixed key names. Users are advised to upgrade to `apache-airflow` 3.3.0 or later (the fix landed on `main` after 3.2.2; no 3.2.x backport)."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Airflow","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"apache-airflow","versions":[{"version":"0","lessThan":"3.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:47:25.626361Z","id":"CVE-2026-48828","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"6E334749-0D93-4319-9286-B9AC590F4698"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67495","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/y9kf314t6dhnv994hr11wj3tbow847yc","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]}]}},{"cve":{"id":"CVE-2026-49296","sourceIdentifier":"security@apache.org","published":"2026-07-07T10:16:41.603","lastModified":"2026-07-08T20:04:17.073","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. `GET /api/v2/dagSources/{dag_id}` — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not authorized to read, bypassing per-DAG read authorization. Deployments that co-locate multiple Dags in a single file and rely on per-DAG access control to limit source visibility are affected; single-Dag-per-file deployments are not. Upgrade to apache-airflow 3.3.0 or later."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Airflow","defaultStatus":"unaffected","collectionURL":"https://pypi.python.org","packageName":"apache-airflow","versions":[{"version":"3.0.0","lessThan":"3.3.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:28:04.105895Z","id":"CVE-2026-49296","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionEndExcluding":"3.3.0","matchCriteriaId":"6E334749-0D93-4319-9286-B9AC590F4698"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/67662","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/qqv41t3oydkn9o14r2rfz1wkdrsp5jzn","source":"security@apache.org","tags":["Vendor Advisory","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]}]}},{"cve":{"id":"CVE-2026-53481","sourceIdentifier":"security_alert@emc.com","published":"2026-07-07T13:16:31.397","lastModified":"2026-07-08T19:57:35.883","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access to the system. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-53481","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0.0","versionEndExcluding":"8.8.0.0","matchCriteriaId":"4BA45B0F-6A67-476D-9101-0DDC91B77D51"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53483","sourceIdentifier":"security_alert@emc.com","published":"2026-07-07T13:16:31.590","lastModified":"2026-07-08T19:57:04.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 an improper authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. This is a critical severity vulnerability as it allows an attacker to take complete control of system; so Dell recommends customers to upgrade at the earliest opportunity."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T00:00:00+00:00","id":"CVE-2026-53483","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0.0","versionEndExcluding":"8.8.0.0","matchCriteriaId":"4BA45B0F-6A67-476D-9101-0DDC91B77D51"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53479","sourceIdentifier":"security_alert@emc.com","published":"2026-07-07T14:16:32.410","lastModified":"2026-07-08T19:57:25.183","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS command Injection') vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a Critical vulnerability as it allows an attacker to invoke arbitrary command execution with root privileges; so Dell recommends customers to upgrade at the earliest opportunity."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T03:56:33.302107Z","id":"CVE-2026-53479","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0.0","versionEndExcluding":"8.8.0.0","matchCriteriaId":"4BA45B0F-6A67-476D-9101-0DDC91B77D51"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14935","sourceIdentifier":"secalert@redhat.com","published":"2026-07-07T16:16:38.010","lastModified":"2026-07-08T15:24:06.060","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gstreamer1-plugins-bad-free","cpes":["cpe:/o:redhat:enterprise_linux:9"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T16:13:21.634704Z","id":"CVE-2026-14935","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-670"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-14935","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2497679","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/98","source":"secalert@redhat.com"},{"url":"https://gitlab.freedesktop.org/gstreamer/gstreamer/-/work_items/5171","source":"secalert@redhat.com"}]}},{"cve":{"id":"CVE-2026-14904","sourceIdentifier":"ff89ba41-3aa1-4d27-914a-91399e9639e5","published":"2026-07-07T17:16:35.627","lastModified":"2026-07-08T15:36:14.057","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS.\n\n\n\nImproper link resolution before file access issue (CWE-59) in the Auth.GetUserPrivateKey API. An authenticated remote user could read arbitrary files on the cluster-manager EC2 instance by replacing their SSH private key file (~/.ssh/id_rsa) with a symbolic link targeting any file on the host. Because the cluster-manager process runs as root, any file readable by root is exposed, including other users' SSH private keys and application configuration secrets.\n\n\n\nIt's recommended to upgrade to RES version 2026.06."}],"affected":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","affectedData":[{"vendor":"AWS","product":"res","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2026.03","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:08:18.431361Z","id":"CVE-2026-14904","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"ff89ba41-3aa1-4d27-914a-91399e9639e5","type":"Secondary","description":[{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://aws.amazon.com/security/security-bulletins/2026-053-aws/","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"},{"url":"https://github.com/aws/res/releases/tag/2026.06","source":"ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}},{"cve":{"id":"CVE-2026-23697","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T17:16:35.977","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar extension. The uploaded file is stored with its original .phar extension under the web-accessible storage directory, and a misconfigured .htaccess using Apache 2.2 syntax is silently ignored on Apache 2.4 deployments, allowing unauthenticated HTTP requests to directly execute the uploaded PHP payload."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vtiger","product":"Vtiger CRM","defaultStatus":"affected","repo":"https://sourceforge.net/projects/vtigercrm/","versions":[{"version":"0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.4.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:31:42.988594Z","id":"CVE-2026-23697","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://jivasecurity.com/writeups/vtiger-rce-phar-upload-cve-2026-23697","source":"disclosure@vulncheck.com"},{"url":"https://www.vtiger.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vtiger-crm-authenticated-file-upload-rce-via-documents-module","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-23698","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T17:16:36.123","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents directly into the modules/ directory under the web root without validating file types beyond the manifest.xml descriptor. Attackers can place executable PHP files in the modules/ directory that become directly accessible via HTTP, bypassing Vtiger's authentication and authorization layer entirely since Apache resolves the path and invokes the PHP interpreter before the application routing layer is involved, resulting in a persistent web shell independent of the originating session."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Vtiger","product":"Vtiger CRM","defaultStatus":"affected","repo":"https://sourceforge.net/projects/vtigercrm/","versions":[{"version":"0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T17:11:14.403153Z","id":"CVE-2026-23698","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://jivasecurity.com/writeups/vtiger-rce-module-import-cve-2026-23698","source":"disclosure@vulncheck.com"},{"url":"https://www.vtiger.com/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/vtiger-crm-authenticated-rce-via-module-import-file-upload","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-7017","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-07T19:16:55.530","lastModified":"2026-07-08T15:56:29.290","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"HTTP::Tiny versions before 0.095 for Perl forward credential headers to cross-origin redirect targets.\n\nWhen the server returns a 3xx redirect, `_maybe_redirect` follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request, without checking whether the redirect target shares an origin with the original URL. Caller-supplied `Authorization`, `Cookie` and `Proxy-Authorization` headers are therefore re-sent to whatever host the redirect names, across scheme, host or port boundaries, and including `https` to `http` downgrades that expose them in plaintext on the wire.\n\nThe HTTP::Tiny POD note that \"Authorization headers will not be included in a redirected request\" applied only to the URL-userinfo Basic-auth path, not to headers passed explicitly by the caller."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"HAARG","product":"HTTP::Tiny","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"HTTP-Tiny","programFiles":["lib/HTTP/Tiny.pm"],"programRoutines":[{"name":"_maybe_redirect"},{"name":"_prepare_headers_and_cb"}],"repo":"https://github.com/Perl-Toolchain-Gang/HTTP-Tiny","versions":[{"version":"0","lessThan":"0.095","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T18:31:23.699590Z","id":"CVE-2026-7017","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"references":[{"url":"https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/84984ef3930ddd4afcf5eb83b40d3cee200739c3.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/8f32ca89e21c3ad0422adc698fa6ad17a193f55f.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/e7a03aedf2395158f2b0d3bad2df943349227bb3.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/pull/36","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/HAARG/HTTP-Tiny-0.095-TRIAL/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/13","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-58468","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T20:16:29.240","lastModified":"2026-07-08T18:16:33.757","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"NocoBase through 2.1.20 contains a server-side request forgery vulnerability in the serverRequest wrapper that allows authenticated administrators to issue arbitrary outbound HTTP requests by supplying malicious URLs to workflow request nodes, custom request action buttons, or the AI plugin. Attackers can target loopback addresses, RFC-1918 private ranges, and cloud instance metadata endpoints to perform internal network port enumeration, host discovery, and retrieval of IAM role credentials from the instance metadata service. v2.1.18 added a warning message for when SERVER_REQUEST_WHITELIST is not configured."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"nocobase","product":"nocobase","defaultStatus":"affected","repo":"https://github.com/nocobase/nocobase","versions":[{"version":"0","lessThanOrEqual":"2.1.20","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:48:33.586731Z","id":"CVE-2026-58468","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nocobase/nocobase/commit/5706fb48d9bbe190f9e0044c6d5c87fc5b68c7f1","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nocobase/nocobase/issues/9962","source":"disclosure@vulncheck.com"},{"url":"https://github.com/nocobase/nocobase/pull/9966","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/nocobase-server-side-request-forgery-via-serverrequest-wrapper","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-44454","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.180","lastModified":"2026-07-08T19:47:37.463","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the `dotfiles` registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a crafted `dotfiles_uri` value (for example, one containing shell command substitution such as `$(...)`) could achieve command execution in their own workspace. The Create Workspace page's `mode=auto` deep links amplified this into a one-click attack: an attacker could craft a URL that prefilled `param.dotfiles_uri` and silently provisioned a workspace with the attacker-controlled value, with no explicit user confirmation. In versions 2.29.7 and 2.30.2, input validation was added to the dotfiles module to reject URIs and usernames containing special characters, and the unsafe `eval`/`sh -c` usage was removed. This eliminated the command injection at its source."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":"< 2.29.7","status":"affected"},{"version":">= 2.30.0, < 2.30.2","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:47:43.261401Z","id":"CVE-2026-44454","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.7","matchCriteriaId":"D37CCB83-921A-4600-8B00-0C43292359C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.30.2","matchCriteriaId":"8D0B7997-9C95-4059-BE18-43C39DD9AC2A"}]}]}],"references":[{"url":"https://github.com/coder/coder/commit/60e3ab7632f42415d283b9fd5622ee53a4639ceb","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/coder/coder/pull/22011","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.30.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-m3cr-vc2j-pm27","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/coder/registry/commit/8e68c96633f65a1babd76a93b6923e3deead4a82","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/coder/registry/pull/703","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2026-46672","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.420","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Actual is a local-first personal finance app. Prior to 26.6.0, @actual-app/cli ships a hand-rolled CSV serializer in packages/cli/src/output.ts used whenever the global --format csv option is passed, whose escapeCsv helper only handles RFC 4180 delimiter, quote, and newline escaping and does not neutralize standard CSV formula-injection prefixes. Any CLI command that streams an object array containing user-controlled strings, including transactions list, accounts list, payees list, categories list, tags list, category-groups list, rules list, schedules list, and query, can emit cells that auto-evaluate when the resulting CSV is opened in Excel, LibreOffice Calc, or Google Sheets, enabling data exfiltration and arbitrary formula execution. This issue is fixed in version 26.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"actualbudget","product":"actual","versions":[{"version":"< 26.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:59:38.913676Z","id":"CVE-2026-46672","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"references":[{"url":"https://github.com/actualbudget/actual/commit/068185751c03b42e726e3c60b718413d5f96c306","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/7859","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/releases/tag/v26.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-7gh7-258j-4mpq","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-7gh7-258j-4mpq","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-46700","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.560","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Actual is a local-first personal finance tool. Prior to 26.6.0, the GET /secret/:name endpoint in @actual-app/sync-server checks only that the caller has a valid session and does not verify the caller is an admin, while the sibling POST /secret/ handler enforces an admin check in OpenID mode. Any authenticated non-admin BASIC user in OpenID multi-user deployments can probe the secrets store and learn which admin-managed bank-sync integrations have been configured, including simplefin_accessKey, pluggyai_clientSecret, pluggyai_itemIds, and the gocardless secrets. This issue is fixed in version 26.6.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"actualbudget","product":"actual","versions":[{"version":"< 26.6.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:43:08.864861Z","id":"CVE-2026-46700","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/actualbudget/actual/commit/3494f78c9459ed9c412e28b500b675ba5eb72d4e","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/7862","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/releases/tag/v26.6.0","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-3f62-qv96-4p78","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-3f62-qv96-4p78","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50007","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:25.977","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with user_access on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users, including /delete-user-file, /reset-user-file, and /user-create-key, because requireFileAccess treats ordinary shared access as sufficient for file-management operations that should be restricted to the file owner or an administrator. This issue is fixed in version 26.7.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"actualbudget","product":"actual","versions":[{"version":"< 26.7.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:01:55.677484Z","id":"CVE-2026-50007","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/actualbudget/actual/commit/18a8dc03c48eeb2e8252669a80673e6a9933b5fd","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/commit/3b9e79ed5ee795a80bbae214d6ebb2755289d7f2","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/7977","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/pull/8333","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-23vm-ffgg-qvjr","source":"security-advisories@github.com"},{"url":"https://github.com/actualbudget/actual/security/advisories/GHSA-23vm-ffgg-qvjr","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50529","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.110","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid link token for subsequent share-related API calls even with missing or invalid credentials. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:13:30.348616Z","id":"CVE-2026-50529","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-50530","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.240","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an attacker with a valid share link token to replace dataset identifiers and retrieve unauthorized data through POST /de2api/chartData/getData. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:54:45.493386Z","id":"CVE-2026-50530","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-53729","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.543","lastModified":"2026-07-08T15:16:29.190","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks belonging to other users by manipulating the task ID parameter, and the /exportCenter/download/{id} endpoint is whitelisted from authentication, allowing unauthenticated access to exported files. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:49:52.215818Z","id":"CVE-2026-53729","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/57e90bdcc21c3fa2ec57184671603ad88a5b941b","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-9423-78gr-xjj5","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-53751","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:26.857","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous parameters such as init in malicious H2 JDBC connection strings and achieve arbitrary code execution. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:48:50.317866Z","id":"CVE-2026-53751","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/2204258118eac6160a6636ca20dbedb0d3f95747","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55434","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.290","lastModified":"2026-07-08T19:47:17.140","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Exploitation requires authenticated access to the AI Bridge endpoints and the impact is limited to availability (denial of service). Versions 2.33.8 and 2.34.2 patch the issue. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:15:03.906169Z","id":"CVE-2026-55434","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26164","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-f5vp-w269-392g","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55592","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.433","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy origin and can read same-origin browser data, interact with the Dashy DOM, and send requests as the victim. This issue is fixed in version 4.3.7."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lissy93","product":"dashy","versions":[{"version":"< 4.3.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":3.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:30:25.302873Z","id":"CVE-2026-55592","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/lissy93/dashy/commit/4bc620e21cc8e3466f32b8bc40614b0d0eb5648b","source":"security-advisories@github.com"},{"url":"https://github.com/lissy93/dashy/releases/tag/4.3.7","source":"security-advisories@github.com"},{"url":"https://github.com/lissy93/dashy/security/advisories/GHSA-58mp-4qr3-vmrc","source":"security-advisories@github.com"},{"url":"https://github.com/lissy93/dashy/security/advisories/GHSA-58mp-4qr3-vmrc","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55631","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.593","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font storage directory and passes it to FileUtils.deleteFile() without path traversal sanitization, allowing deletion of arbitrary writable files in the application container. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:55:13.912367Z","id":"CVE-2026-55631","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55633","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:27.750","lastModified":"2026-07-08T15:16:29.953","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:45:59.007550Z","id":"CVE-2026-55633","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/265b31179f1427c059f739841f2e39aaa6d1b937","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/releases/tag/v2.10.24","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55647","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:28.060","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable event handlers that execute when another user or shared-link visitor views the dashboard. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:50:15.562603Z","id":"CVE-2026-55647","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/9565812980da781eda04c0a3632bf5dc8b0469f6","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/commit/adab5f1e8954ff91830a3b2f052a42a139d978e1","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-57172","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T21:17:28.223","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator even if the original share has been revoked. This issue is fixed in version 2.10.24."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dataease","product":"dataease","versions":[{"version":"< 2.10.24","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:37:32.958637Z","id":"CVE-2026-57172","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-321"},{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://github.com/dataease/dataease/commit/356e83b518603f5612104760ced80aae8fc5d675","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm","source":"security-advisories@github.com"},{"url":"https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58583","sourceIdentifier":"9119a7d8-5eab-497f-8521-727c672e3725","published":"2026-07-07T21:17:29.163","lastModified":"2026-07-08T15:01:22.897","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"FluxInk (formerly Sunia SPB Peripheral) Color Management Driver (TcnPeripheral64.sys) 1.0.7.2 allows local privilege escalation for a standard user account via arbitrary physical memory mapping at \\Device\\PhysicalMemory. Fixed in version 1.0.7.6. The fixed driver is currently available in the Windows 11 25H2 HLK (Hardware Lab Kit). The fixed driver may be available through Windows Update or from Lenovo directly."}],"affected":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","affectedData":[{"vendor":"FluxInk","product":"Color Management Driver","defaultStatus":"unknown","versions":[{"version":"0","lessThan":"1.0.7.6","versionType":"custom","status":"affected"},{"version":"1.0.7.6","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.2}],"ssvcV203":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","ssvcData":{"timestamp":"2026-07-01T15:52:01.675857Z","id":"CVE-2026-58583","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9119a7d8-5eab-497f-8521-727c672e3725","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://github.com/b3s3da/TcnPeripheral64_PoC","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://github.com/b3s3da/TcnPeripheral64_PoC/security/advisories/GHSA-x4rw-h4v2-v83h","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2026/va-26-188-01.json","source":"9119a7d8-5eab-497f-8521-727c672e3725"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-58583","source":"9119a7d8-5eab-497f-8521-727c672e3725"}]}},{"cve":{"id":"CVE-2026-45796","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:52.317","lastModified":"2026-07-08T19:47:08.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 are vulnerable to unauthenticated semi-blind Server-Side Request Forgery (SSRF) via the Azure instance identity endpoint (`POST /api/v2/workspaceagents/azure-instance-identity`). An external attacker can force the Coder server to issue HTTP GET requests to arbitrary internal or external hosts by submitting a crafted PKCS#7 signature. The server does not return the target's response body, but error messages in the API response reveal whether the target is reachable and what type of failure occurred. Versions 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 patch the issue. As a workaround, if the Azure identity-auth mechanism is not being used then restrict access to the corresponding endpoint (`/api/v2/workspaceagents/azure-instance-identity`) using ingress firewall and/or proxy ACLs."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.33.0-rc.0, < 2.33.3","status":"affected"},{"version":">= 2.32.0-rc.0, < 2.32.2","status":"affected"},{"version":">= 2.31.0, < 2.31.12","status":"affected"},{"version":">= 2.30.0, < 2.30.8","status":"affected"},{"version":">= 2.29.0, < 2.29.13","status":"affected"},{"version":"< 2.24.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:53:31.695518Z","id":"CVE-2026-45796","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.24.5","matchCriteriaId":"38FD51E2-14DE-4C93-8EFC-267C222E06FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.29.0","versionEndExcluding":"2.29.13","matchCriteriaId":"055001B5-79DC-4275-91EF-8D7C45FCA8ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.30.8","matchCriteriaId":"7646D2AE-2363-4C43-853A-4F61C95B253B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.31.0","versionEndExcluding":"2.31.12","matchCriteriaId":"02976D4C-3CEB-430B-A464-141A28B2CBED"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.32.0","versionEndExcluding":"2.32.2","matchCriteriaId":"4498D465-4F7F-4786-8716-43A78FBC35B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.3","matchCriteriaId":"88AFFF26-1B74-4DD4-98C7-D5FE8F17CF00"}]}]}],"references":[{"url":"https://github.com/coder/coder/commit/57b11d405f17492aa789d4b9ff33366f961a37f8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/coder/coder/pull/25274","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.24.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.13","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.30.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.31.12","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-686c-7vgv-v3fx","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-46354","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:52.467","lastModified":"2026-07-08T19:47:02.427","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. In versions prior tp 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3, `azureidentity.Validate()` verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. `{\"vmId\":\"<target>\"}` and the forged `vmId` will be accepted returning the victim workspace agent's session token. No authentication is required. The attacker only needs to know a target VM's `vmId` which is a `UUIDv4`. That's a practical limitation which would typically require prior access to be exploited. Versions 2.24.5, 2.29.13, 2.30.8, 2.31.12, 2.32.2, and 2.33.3 patch the issue. As a workaround, reconfigure any Azure templates to use token authentication rather than `azure-instance-identity`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.33.0-rc.0, < 2.33.3","status":"affected"},{"version":">= 2.32.0-rc.0, < 2.32.2","status":"affected"},{"version":">= 2.31.0, < 2.31.12","status":"affected"},{"version":">= 2.30.0, < 2.30.8","status":"affected"},{"version":">= 2.29.0, < 2.29.13","status":"affected"},{"version":"< 2.24.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:01:18.394796Z","id":"CVE-2026-46354","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.24.5","matchCriteriaId":"38FD51E2-14DE-4C93-8EFC-267C222E06FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.29.0","versionEndExcluding":"2.29.13","matchCriteriaId":"055001B5-79DC-4275-91EF-8D7C45FCA8ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.30.8","matchCriteriaId":"7646D2AE-2363-4C43-853A-4F61C95B253B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.31.0","versionEndExcluding":"2.31.12","matchCriteriaId":"02976D4C-3CEB-430B-A464-141A28B2CBED"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.32.0","versionEndExcluding":"2.32.2","matchCriteriaId":"4498D465-4F7F-4786-8716-43A78FBC35B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.3","matchCriteriaId":"88AFFF26-1B74-4DD4-98C7-D5FE8F17CF00"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25286","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.24.5","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.13","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.30.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.31.12","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-6x44-w3xg-hqqf","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54601","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.060","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixed dataset objects and downstream dataset, collection, and training endpoints then make authorization decisions from inconsistent ownership anchors, allowing cross-tenant read, update, and delete access when mixed object ids are known. This issue is fixed in version 4.15.0-beta4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"labring","product":"FastGPT","versions":[{"version":">= 4.14.17, < 4.15.0-beta4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:52:48.582115Z","id":"CVE-2026-54601","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-915"}]}],"references":[{"url":"https://github.com/labring/FastGPT/commit/54a53e7d4399f1dfa2913394442c3cf6de672fb3","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/pull/7071","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta4","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-qxcq-48gr-93pj","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-qxcq-48gr-93pj","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-54602","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.217","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastGPT is a knowledge-based AI application platform. Prior to 4.15.0, GET /api/core/ai/record/getRecord authenticates the caller but loads LLM request and response traces only by requestId without team scoping, allowing any authenticated user to read another team's prompts, retrieved RAG chunks, and completions if the requestId is known. This issue is fixed in version 4.15.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"labring","product":"FastGPT","versions":[{"version":"< 4.15.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:45:07.715556Z","id":"CVE-2026-54602","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://github.com/labring/FastGPT/commit/60c62b7af8269c826885b541bb56e6e5c424c11a","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-6vx6-f72r-74cg","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-54607","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.357","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"FastGPT is a knowledge-based AI application platform. Prior to 4.15.0-beta4, the HTTP-tool OpenAPI schema importer validates only the top-level URL before passing it to SwaggerParser.bundle, whose remote reference resolver fetches $ref URLs without FastGPT's internal-address guard and returns fetched content inline, allowing an authenticated team member to read internal services or cloud metadata. This issue is fixed in version 4.15.0-beta4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"labring","product":"FastGPT","versions":[{"version":"< 4.15.0-beta4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:48:47.765322Z","id":"CVE-2026-54607","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/labring/FastGPT/commit/1d7b8768aecd53ae59372fd68b10af0e80722c79","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/pull/7073","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/releases/tag/v4.15.0-beta4","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-72hf-5382-2mq9","source":"security-advisories@github.com"},{"url":"https://github.com/labring/FastGPT/security/advisories/GHSA-72hf-5382-2mq9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55075","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.650","lastModified":"2026-07-08T19:46:56.620","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link to a different IdP subject and the `email_verified` claim was only enforced when present as a boolean `false` so an absent or non-boolean claim was treated as verified. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 restricts the email fallback to first-time and legacy linking and defaults `email_verified` to false when the claim is absent or of an unexpected type. As a workaround, configure the OIDC provider to disallow self-registration or to require email verification before issuing tokens."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:02:51.874018Z","id":"CVE-2026-55075","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-289"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25712","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/pull/25713","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-9r87-mvcw-x35f","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55408","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:53.790","lastModified":"2026-07-08T15:16:29.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can craft an EPUB book that, when imported and opened by the victim, instantiates a hidden iframe with Node.js API access and executes arbitrary operating system commands with the victim user's privileges. This issue is fixed in version 2.3.1."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"koodo-reader","product":"koodo-reader","versions":[{"version":"< 2.3.1","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:07:51.495637Z","id":"CVE-2026-55408","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://github.com/koodo-reader/koodo-reader/security/advisories/GHSA-mjr7-w4jq-2rq9","source":"security-advisories@github.com"},{"url":"https://github.com/koodo-reader/koodo-reader/security/advisories/GHSA-mjr7-w4jq-2rq9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58266","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:54.207","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal localhost API, and user scripts included via iframes in the editor can access this API despite protections intended to block reviewer and editor scripts. A malicious imported card package with an embedded iframe can use exposed API methods such as getImageForOcclusion to read arbitrary files accessible to the Anki process and exfiltrate them over the network. This issue is fixed in version 25.09.4."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ankitects","product":"anki","versions":[{"version":"< 25.09.4","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:23:23.495354Z","id":"CVE-2026-58266","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/ankitects/anki/commit/b2b68d829e853da51b5de8aad6c13b53e90bc20d","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/releases/tag/25.09.4","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/security/advisories/GHSA-cw6h-ffmh-x6vh","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59153","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T22:16:54.363","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting requests to the local server, with severity varying by browser depending on Private Network Access protections. This issue is fixed in version 25.09.3."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"ankitects","product":"anki","versions":[{"version":"< 25.09.3","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:49:55.586751Z","id":"CVE-2026-59153","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/ankitects/anki/commit/858e5689d0e4fd24f74856c7e8f245412694a219","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/releases/tag/25.09.3","source":"security-advisories@github.com"},{"url":"https://github.com/ankitects/anki/security/advisories/GHSA-869j-r97x-hx2g","source":"security-advisories@github.com"},{"url":"https://x.com/taviso/status/2051310678800253318","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-59706","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T22:16:54.503","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attacker-controlled ollama_base_url parameter. Unauthenticated attackers can retrieve stored secrets like OpenAI API keys via GET /api/v1/config/ or trigger SSRF attacks by setting ollama_base_url to internal addresses like cloud IMDS via PUT /api/v1/config/mem0/llm endpoint."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"mem0","product":"mem0","defaultStatus":"unaffected","packageURL":"pkg:pypi/mem0ai","versions":[{"version":"0","lessThanOrEqual":"a3154d5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:34:02.069552Z","id":"CVE-2026-59706","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/mem0ai/mem0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6081","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mem0-server-side-request-forgery-and-plaintext-api-key-exposure-via-unauthenticated-config-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6081","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-14895","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-07T23:16:54.293","lastModified":"2026-07-08T15:56:29.290","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service.\n\nThe trim and rtrim functions stripped trailing whitespace with s/\\s*$//u. Because \\s* matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex engine retries the match at each offset of a long whitespace run, producing quadratic backtracking. The fix replaces \\s*$ with \\s+$.\n\nAny caller that passes untrusted input to trim or rtrim can trigger CPU exhaustion with a string containing a long run of whitespace."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"BAKERSCOT","product":"String::Util","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"String-Util","programFiles":["lib/String/Util.pm"],"programRoutines":[{"name":"String::Util::trim"},{"name":"String::Util::rtrim"}],"repo":"https://github.com/scottchiefbaker/String-Util","versions":[{"version":"0","lessThan":"1.36","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:05:12.698100Z","id":"CVE-2026-14895","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/scottchiefbaker/String-Util/commit/f8150867aaeb8f57c59601aefb2193f2caed8745.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/scottchiefbaker/String-Util/releases","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/BAKERSCOT/String-Util-1.36/diff/BAKERSCOT/String-Util-1.35#lib/String/Util.pm","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/07/18","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-55076","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T23:16:55.237","lastModified":"2026-07-08T19:46:04.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, Coder's OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `\"false\"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 coerces `email_verified` across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject. As a workaround, ensure the IdP returns `email_verified` as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:03:30.696230Z","id":"CVE-2026-55076","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25712","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/pull/25713","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55078","sourceIdentifier":"security-advisories@github.com","published":"2026-07-07T23:16:55.510","lastModified":"2026-07-08T19:45:05.967","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.17.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `POST /api/v2/files` converts zip uploads to tar in memory via `CreateTarFromZip`, which enforced a per-entry size limit but no aggregate limit on total decompressed output, writing to an unbounded in-memory buffer. Exploitation requires authenticated file-upload access and the impact is limited to availability (denial of service). The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds a metadata preflight check that sums projected entry sizes and a streaming writer that enforces the aggregate limit during decompression. As a workaround, restrict file-upload permissions to trusted users or place a reverse proxy with request-body size limits in front of `coderd`."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":">= 2.17.0, < 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:54:48.796364Z","id":"CVE-2026-55078","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-409"},{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.17.0","versionEndExcluding":"2.29.17","matchCriteriaId":"6197C053-9BC3-4F5B-8BBA-B47352F9653B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25877","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-2mg2-p7r7-g27f","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-59705","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-07T23:16:55.997","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary user_id parameters or directly access memory retrieval endpoints to expose private memory content, or invoke pause endpoints with global_pause=true to cause denial-of-service across all users."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"mem0","product":"mem0","defaultStatus":"unaffected","packageURL":"pkg:pypi/mem0ai","versions":[{"version":"0","lessThan":"a3154d5","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:09:22.095370Z","id":"CVE-2026-59705","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/mem0ai/mem0","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/commit/a3154d59e52386d4e1189c1f5f44819868f76514","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6080","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/mem0-openmemory-api-unauthenticated-access-via-memory-endpoints","source":"disclosure@vulncheck.com"},{"url":"https://github.com/mem0ai/mem0/issues/6080","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55079","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T00:16:33.153","lastModified":"2026-07-08T19:44:45.573","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated a byte slice using the client-supplied `FileSize` from a `DataUpload` message without an upper-bound check. Although the DRPC wire limit is 4 MiB, the `FileSize` value itself was unconstrained. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates `FileSize` against an upper bound (`MaxFileSize = 100 MiB`) before allocation. As a workaround, restrict access to the provisioner daemon serve endpoint to trusted provisioner daemon service accounts."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":">= 2.24.0, < 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:53:26.878982Z","id":"CVE-2026-55079","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-789"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.24.0","versionEndExcluding":"2.29.17","matchCriteriaId":"E3F9D09F-C957-4CCA-8AEB-B401AFD44D18"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25710","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-f962-qm93-mj4c","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55427","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T00:16:33.323","lastModified":"2026-07-08T19:44:24.297","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder config-ssh` wrote server-supplied SSH settings (`HostnameSuffix`, `SSHConfigOptions`) into the user's `~/.ssh/config` without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Practical exploitation requires control of the server-supplied values through a malicious or compromised deployment, a man-in-the-middle position or admin access to the `HostnameSuffix` and `SSHConfigOptions` settings. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates `HostnameSuffix` and `SSHConfigOptions` against a strict character set that rejects newlines and other control characters. As a workaround, inspect `coder config-ssh --dry-run` output before applying changes."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:09:33.858876Z","id":"CVE-2026-55427","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"},{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26154","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-mcqq-fqgf-rxwm","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55428","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T00:16:33.463","lastModified":"2026-07-08T19:44:06.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 validates each `AllowedIPs` prefix against the authenticating agent's UUID just like `Addresses`. As a workaround, monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:10:59.507766Z","id":"CVE-2026-55428","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26144","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-wrq8-fcv5-8hvp","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55429","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T00:16:33.597","lastModified":"2026-07-08T19:43:31.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `UpsertWorkspaceApp` overwrites an existing app's `agent_id` on a primary-key conflict and `insertAgentApp` accepts the app ID from the provisioner's `CompleteJob` payload without verifying it belongs to the workspace being built. `CompleteJob` runs under `dbauthz.AsProvisionerd` so the authorization layer does not block the cross-workspace upsert. Exploitation requires elevated access as a template author or external provisioner operator. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 verifies that any existing `workspace_apps` row matching the supplied ID belongs to the workspace being built and rejects cross-workspace agent reassignment. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:41:33.806014Z","id":"CVE-2026-55429","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26103","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-9rjw-3gwp-f59v","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55430","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:27.270","lastModified":"2026-07-08T19:43:14.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the workspace app proxy resolves the target app from `httpapi.RequestHost()` which prefers the `X-Forwarded-Host` header over the real `Host` header. No middleware strips `X-Forwarded-Host` before routing and the header is not browser-forbidden so client-side JavaScript can set it on `fetch()` calls. Practical exploitation requires subdomain app routing (wildcard hostname) enabled, a victim who visits the attacker's shared app and a deployment whose upstream proxy does not strip `X-Forwarded-Host`. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 trusts `X-Forwarded-Host` only from configured trusted proxies and otherwise resolves the routing host from the verified request host. As a workaround, place an upstream reverse proxy that strips or overwrites `X-Forwarded-Host` on untrusted requests."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:57:10.249359Z","id":"CVE-2026-55430","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-345"},{"lang":"en","value":"CWE-441"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26204","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-5g4w-3vw9-478w","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55431","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:27.480","lastModified":"2026-07-08T19:42:45.880","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `coder open app` opens external workspace-app URLs without validating the scheme or host. When an external app URL contains the `$SESSION_TOKEN` placeholder the CLI replaces it with the user's real session token before handing the URL to the OS open handler. Practical exploitation requires the victim to run `coder open app` against a workspace whose external app definition the attacker controls. Only a malicious template author can control external app URLs. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 applies a URL-scheme allowlist in the CLI and limits `$SESSION_TOKEN` substitution to trusted destinations like the web frontend. As a workaround, avoid running `coder open app` for untrusted workspaces."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:56:53.370657Z","id":"CVE-2026-55431","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-522"},{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26146","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-v54h-cp2w-9x4g","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55432","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:27.620","lastModified":"2026-07-08T19:40:36.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, letting a workspace owner exceed the administrator's configured maximum. Exploitation requires the ability to register sub-agent apps in a workspace the attacker controls. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2clamps the sub-agent app sharing level to the template's `MaxPortSharingLevel`. As a workaround, disable wildcard app hostnames (`CODER_WILDCARD_ACCESS_URL`) to block subdomain-based app routing."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:51:04.699684Z","id":"CVE-2026-55432","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26061","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-x9qq-2qh5-8rxf","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55433","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:27.760","lastModified":"2026-07-08T19:39:45.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performed no `ActionUpdate` check before triggering the destructive rebuild. Exploitation requires an existing low-privilege role with access to the target workspace. The fix in versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2 adds an explicit `ActionUpdate` authorization check before the agent is dialed like the delete endpoint. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:01:36.512667Z","id":"CVE-2026-55433","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25812","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-jqj2-x4c5-jfxm","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55436","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:27.890","lastModified":"2026-07-08T19:39:30.790","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned a secure transport when an upstream proxy was configured. In the default configuration (no upstream proxy), outbound HTTPS to the Coder access URL accepted any TLS certificate. Practical exploitation requires an on-path (man-in-the-middle) position between the AI Bridge Proxy and the Coder server. Deployments where they are co-located over loopback are effectively unaffected. The fix in versions 2.32.7, 2.33.8, and 2.34.2 applies the secure transport (TLS 1.2 or higher using system root CAs) unconditionally. As a workaround, ensure the Coder access URL uses a trusted certificate and secure the network path between the AI Bridge Proxy and the Coder server (for example, loopback or mTLS)."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:11:39.614123Z","id":"CVE-2026-55436","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26131","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-84rm-42xw-mx52","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55437","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:28.020","lastModified":"2026-07-08T19:38:48.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component instantiated `ansi-to-html` without `escapeXML: true` and inserted the result via `dangerouslySetInnerHTML` so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Exploitation requires a victim to view attacker-controlled agent logs in the dashboard. The fix in versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2 enables `escapeXML: true` so HTML metacharacters are escaped before DOM insertion. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:00:28.554141Z","id":"CVE-2026-55437","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/25808","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-7qw2-f75v-62f7","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-55438","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T01:16:28.150","lastModified":"2026-07-08T19:38:38.473","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, the workspace was resolved by ID without confirming the URL's username matched the real owner, while the CORS middleware trusted the unverified username in the hostname. Practical exploitation requires subdomain app routing (wildcard hostname) enabled and a victim who visits the attacker's crafted app URL while authenticated. The fix in versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2 validates the subdomain username against the resolved workspace's actual owner and bases the same-owner CORS decision on the authoritative owner identity. No known workarounds are available."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"coder","product":"coder","versions":[{"version":">= 2.34.0, < 2.34.2","status":"affected"},{"version":">= 2.33.0, < 2.33.8","status":"affected"},{"version":">= 2.30.0, < 2.32.7","status":"affected"},{"version":"< 2.29.17","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:56:25.900709Z","id":"CVE-2026-55438","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionEndExcluding":"2.29.17","matchCriteriaId":"F97FAF48-192E-4814-82A5-085C44F1D261"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.30.0","versionEndExcluding":"2.32.7","matchCriteriaId":"7ABD4A9B-6AE8-47D8-A1B7-91E42EE0481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.33.0","versionEndExcluding":"2.33.8","matchCriteriaId":"F759EEF3-6EAE-475B-85F8-38E7D7B47438"},{"vulnerable":true,"criteria":"cpe:2.3:a:coder:coder:*:*:*:*:*:go:*:*","versionStartIncluding":"2.34.0","versionEndExcluding":"2.34.2","matchCriteriaId":"397A02BF-6CF6-40B1-B792-D7CB9D229050"}]}]}],"references":[{"url":"https://github.com/coder/coder/pull/26085","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/pull/26086","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/coder/coder/releases/tag/v2.29.17","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.32.7","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.33.8","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/releases/tag/v2.34.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/coder/coder/security/advisories/GHSA-5wg6-jmq2-53pw","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-14158","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.463","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widget_logic_visual_check_visibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action combined with insufficient sanitization of the 'nwlv[cod-tag]' parameter before storage and subsequent use in an eval() call. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the server."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"totalbounty","product":"Widget Logic Visual","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.52","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:45:05.011451Z","id":"CVE-2026-14158","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/widget-logic-visual/trunk/ajax.php#L14","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/widget-logic-visual/trunk/ajax.php#L91","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/widget-logic-visual/trunk/custom.php#L50","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5d82e9e2-c572-4911-a6a5-1384844214b0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14244","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.700","lastModified":"2026-07-08T16:16:27.013","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"jssor","product":"Jssor Slider by jssor.com","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.1.24","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:08:06.178479Z","id":"CVE-2026-14244","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L307","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L414","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L43","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/interface/api/class-jssor-slider-admin-controller.php#L506","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/jssor-slider-dispatcher.php#L96","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/jssor-slider/tags/3.1.24/jssor-slider.php#L128","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd880c9-75fe-420b-ae41-558678adb57b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14482","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.840","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's `update_option` handler to pass attacker-controlled `option` and `value` parameters directly to WordPress's `update_option` function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting `default_role` to `administrator` and enabling open registration — and subsequently register an account with full administrator privileges."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"shen2","product":"多说社会化评论框","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:57:36.253903Z","id":"CVE-2026-14482","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/LocalServer.php#L49","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/LocalServer.php#L54","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/api.php#L40","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/732c7ccd-de50-4e27-8cb9-3bb0ed30f0b4?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14487","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:26.980","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The scf_get_id_upload endpoint freely issues a valid scf_upload_file_removal nonce to any unauthenticated visitor, and the removal endpoint's secondary hash check is forgeable offline because it relies on a hardcoded salt embedded in the plugin source, meaning neither control presents a real authorization boundary."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tombgtn","product":"Simple Coherent Form","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.4.13","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:12:15.352165Z","id":"CVE-2026-14487","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1387","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1494","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1521","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L1544","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/simple-coherent-form/tags/2.4.13/includes/fields/file.php#L43","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f4831e75-dc0e-4d6f-b2cb-8498d8629319?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9701","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:28.977","lastModified":"2026-07-08T18:16:35.717","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventer plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 4.4.2. The plugin stores a plaintext copy of the password reset key in the `eventer_verification_code` user meta field when a user requests a password reset. The plaintext key stored in `wp_usermeta` can be used with the plugin's custom reset action to set a new password for any user. Combined with another vulnerability such as SQL Injection (CVE-2026-9700), this makes it possible for unauthenticated attackers to extract the plaintext reset key and take over any user account, including administrators. Note: The password reset function only works up to PHP version 7.4."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joe007","product":"Eventer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:47:48.350133Z","id":"CVE-2026-9701","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-289"}]}],"references":[{"url":"https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/bc656765-1eac-4a96-99e9-c22d64984923?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9842","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T05:16:29.097","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the `manage_options` capability to the `backstage_customizer_user` demo role, which is more permissive than necessary for Customizer-only demo access. This makes it possible for unauthenticated attackers to navigate beyond the Customizer and update arbitrary WordPress options such as `default_role`, leading to privilege escalation."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"pixelgrade","product":"Backstage – Customizer Demo Access","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:00:54.003774Z","id":"CVE-2026-9842","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/backstage/tags/1.4.2/includes/class-Backstage.php#L154","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/backstage/tags/1.4.2/includes/class-Backstage.php#L348","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5bcf1f02-0946-4e96-a81b-00c7c48d64b3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-10570","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:20.720","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symp_arfe_replace_content() function, which uses str_replace() to substitute raw ACF field values (retrieved via get_field()) directly into Elementor-rendered HTML without any escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"idocoh","product":"Sympl Repeater for ACF and Elementor","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:40:27.624321Z","id":"CVE-2026-10570","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/acf-repeater-for-elementor/tags/2.3/sympl-repeater-for-acf-and-elementor.php#L179","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/acf-repeater-for-elementor/tags/2.3/sympl-repeater-for-acf-and-elementor.php#L99","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/daa38c2c-9992-400b-acef-dcd37f9c7269?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-11798","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:21.707","lastModified":"2026-07-08T16:16:26.770","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateor_mastodon_share' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"the_champ","product":"Social Share, Social Login and Social Comments Plugin – Super Socializer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"7.14.5","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:06:35.384620Z","id":"CVE-2026-11798","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/super-socializer/tags/7.14.5/helper.php#L1243","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/super-socializer/tags/7.14.5/helper.php#L1246","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/37d9171d-4722-4ebc-a773-9fd497bc12cf?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12041","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:21.853","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"chatra","product":"Chatra Live Chat + ChatBot + Cart Saver","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.12","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:59:14.619642Z","id":"CVE-2026-12041","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/chatra-live-chat/tags/1.0.12/chatra.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/chatra-live-chat/tags/1.0.12/chatra.php#L61","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/75da660b-04c7-4f15-b49d-2aa320ef5b4b?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12097","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.000","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to modify the plugin's export field configuration stored in the uiewp_export_field option, controlling which user fields such as password hashes are included in CSV exports and how columns are mapped during imports."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"saadiqbal","product":"User Management","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:12:51.875969Z","id":"CVE-2026-12097","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/includes/model.php#L21","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/includes/model.php#L729","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/includes/model.php#L853","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/user-management/tags/1.2/users-imp-exp-wpexperts.php#L22","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4f1d0a07-254c-4df9-90a4-966dff014df0?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12153","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.157","lastModified":"2026-07-08T18:16:30.763","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins from the WordPress.org repository on the vulnerable site."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"rabilal","product":"WP Learn Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:39:00.577656Z","id":"CVE-2026-12153","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/learn-manager/tags/1.1.8/includes/ajax.php#L15","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learn-manager/tags/1.1.8/includes/ajax.php#L8","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learn-manager/tags/1.1.8/modules/jslearnmanager/model.php#L879","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/learn-manager/tags/1.1.8/modules/jslearnmanager/model.php#L920","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8cbf5121-2511-4e21-a346-67fa1e34fc02?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14489","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.307","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"globalprogramming","product":"WHMCS Bridge","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:48:00.445998Z","id":"CVE-2026-14489","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/bridge.init.php#L482","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/bridge.init.php#L809","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/bridge.init.php#L852","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/includes/request.class.php#L296","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/whmcs-bridge/tags/6.9/includes/request.class.php#L309","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c4fe6dcc-93c8-4956-85ae-a1125bc84509?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14495","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.443","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The DoLogin Security plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Randomness in all versions up to, and including, 4.3. The vulnerability exists because `dologin\\s::rrand()` seeds the Mersenne Twister with `mt_srand((double) microtime() * 1000000)` — discarding the integer-seconds component of `microtime()` and constraining the seed to a range of approximately 10^6 values (~20 bits of entropy) — after which every character of the 32-character magic-link token is drawn sequentially with `mt_rand()`, making the entire token a deterministic function of that seed. Because `Pswdless::try_login()` is registered on the unauthenticated `init` hook, resolves the target account by the auto-increment numeric ID embedded in the `?dologin=<id>.<hash>` parameter, performs the hash comparison using a non-constant-time `!=` operator, and then calls `wp_set_auth_cookie()` directly — never passing through `wp_authenticate()` and therefore never triggering the plugin's own `Auth::_has_login_err()` lockout — an unauthenticated attacker can brute-force the ~10^6-candidate seed space to reconstruct an active passwordless login token and authenticate as any targeted user, including administrators, without a password. Exploitation requires that a valid, unexpired passwordless login link (active for up to 7 days) exists for the target account at the time of the attack, and that the numeric link ID is known or guessable from the auto-increment primary key."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdo5ea","product":"DoLogin Security","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:43:37.967188Z","id":"CVE-2026-14495","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L197","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L27","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/pswdless.cls.php#L86","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/dologin/tags/4.3/src/s.cls.php#L240","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/16bce371-b524-48eb-8537-3f9df802abd3?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14500","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:22.583","lastModified":"2026-07-08T16:16:27.123","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouw_fetch_csv_data() AJAX handler being registered on the wp_ajax_nopriv_ hook with no capability or nonce check, and passing the attacker-supplied csv_url POST parameter — filtered only by esc_url_raw() (which leaves absolute filesystem paths intact) and validate_file() (which only rejects '..' traversal patterns) — directly into fopen()/fgetcsv() and reflecting the first parsed line in the JSON response. This makes it possible for unauthenticated attackers to read the first line of arbitrary files on the server (such as /etc/passwd) and to use the handler as a file-existence oracle."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"sayantandas20","product":"Bulk Order Update for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.6","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:03:58.642046Z","id":"CVE-2026-14500","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/bulk-order-update-for-woocommerce/tags/1.6/inc/plugin-html.php#L23","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bulk-order-update-for-woocommerce/tags/1.6/inc/plugin-html.php#L33","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/bulk-order-update-for-woocommerce/tags/1.6/inc/plugin-html.php#L48","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d3aa1f74-6372-4abe-894b-07ad3e81ea81?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-56437","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-08T06:16:22.733","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege."}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Fuji Electric Co.,Ltd.","product":"Pupsman","versions":[{"version":"prior to 3.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:57:37.716692Z","id":"CVE-2026-56437","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN62347140/","source":"vultures@jpcert.or.jp"},{"url":"https://www.fujielectric.co.jp/products/power_supply/ups/product_detail/software_pupsman.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-57895","sourceIdentifier":"vultures@jpcert.or.jp","published":"2026-07-08T06:16:22.900","lastModified":"2026-07-08T15:07:37.767","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege"}],"affected":[{"source":"vultures@jpcert.or.jp","affectedData":[{"vendor":"Fuji Electric Co.,Ltd.","product":"Pupsman","versions":[{"version":"prior to 3.9.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV30":[{"source":"vultures@jpcert.or.jp","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:56:32.270683Z","id":"CVE-2026-57895","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"vultures@jpcert.or.jp","type":"Secondary","description":[{"lang":"en","value":"CWE-276"}]}],"references":[{"url":"https://jvn.jp/en/jp/JVN62347140/","source":"vultures@jpcert.or.jp"},{"url":"https://www.fujielectric.co.jp/products/power_supply/ups/product_detail/software_pupsman.html","source":"vultures@jpcert.or.jp"}]}},{"cve":{"id":"CVE-2026-9700","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:23.043","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joe007","product":"Eventer","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.4.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:58:39.229719Z","id":"CVE-2026-9700","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3b0a3a-ce4b-40fd-9519-a81e315cee42?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-9731","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T06:16:23.217","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Wp Js Detect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the plugin_settings function. This makes it possible for unauthenticated attackers to update the plugin's notification text and CSS settings (wp_non_js_notification_text and wp_non_js_notification_css), injecting arbitrary content that is echoed unescaped on the frontend via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpkuf","product":"Wp Js Detect","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.9","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:13:12.998854Z","id":"CVE-2026-9731","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L190","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L192","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L193","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-js-detect/trunk/wp-js-detect.php#L250","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/afca7b14-f3bb-4612-b81c-bde120b380ba?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12378","sourceIdentifier":"contact@wpscan.com","published":"2026-07-08T07:16:46.550","lastModified":"2026-07-08T14:56:35.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Appointment Booking Calendar Plugin and Scheduling Plugin  WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this can be leveraged to achieve remote code execution."}],"affected":[{"source":"contact@wpscan.com","affectedData":[{"vendor":"Unknown","product":"Appointment Booking Calendar Plugin and Scheduling Plugin","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"1.1.28","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T10:03:52.140888Z","id":"CVE-2026-12378","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"references":[{"url":"https://wpscan.com/vulnerability/eb3abb88-43c3-42a8-a8a8-2ad67d37e020/","source":"contact@wpscan.com"}]}},{"cve":{"id":"CVE-2026-9695","sourceIdentifier":"3DS.Information-Security@3ds.com","published":"2026-07-08T07:16:46.870","lastModified":"2026-07-08T15:30:04.497","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server."}],"affected":[{"source":"3DS.Information-Security@3ds.com","affectedData":[{"vendor":"Dassault Systèmes","product":"DELMIA Apriso","defaultStatus":"unaffected","versions":[{"version":"Release 2020 Golden","lessThanOrEqual":"Release 2020 SP4","versionType":"custom","status":"affected"},{"version":"Release 2021 Golden","lessThanOrEqual":"Release 2021 SP3","versionType":"custom","status":"affected"},{"version":"Release 2022 Golden","lessThanOrEqual":"Release 2022 SP4","versionType":"custom","status":"affected"},{"version":"Release 2023 Golden","lessThanOrEqual":"Release 2023 SP3","versionType":"custom","status":"affected"},{"version":"Release 2024 Golden","lessThanOrEqual":"Release 2024 SP2","versionType":"custom","status":"affected"},{"version":"Release 2025 Golden","lessThanOrEqual":"Release 2025 SP1","versionType":"custom","status":"affected"},{"version":"Release 2026 Golden","lessThanOrEqual":"Release 2026 SP1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:46:02.952002Z","id":"CVE-2026-9695","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"references":[{"url":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-9695","source":"3DS.Information-Security@3ds.com"}]}},{"cve":{"id":"CVE-2026-6280","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-08T09:16:34.403","lastModified":"2026-07-08T14:57:28.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"NOMYSOFT Informatics Education and Consulting Inc.","product":"Nomysem","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"08072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:09:17.803895Z","id":"CVE-2026-6280","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-213"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0516","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2025-14785","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:18.223","lastModified":"2026-07-08T18:16:28.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Website Builder by SeedProd - Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `seedprodnestedmenuwidget` shortcode in all versions up to, and including, 6.20.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"seedprod","product":"Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.20.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:30:17.467675Z","id":"CVE-2025-14785","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3565979/coming-soon/trunk/app/nestednavmenu.php?old=3422960&old_path=coming-soon%2Ftrunk%2Fapp%2Fnestednavmenu.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ba751f98-f86c-451b-8a12-a2e9e76768e5?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12936","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:19.923","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with shop manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"devitemsllc","product":"Recurio – Ultimate Subscription for WooCommerce","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.1.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:14:18.151346Z","id":"CVE-2026-12936","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/recurio/tags/1.1.2/includes/core/class-subscription-engine.php#L1095","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/recurio/tags/1.1.2/includes/core/class-subscription-engine.php#L301","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3593971%40recurio&new=3593971%40recurio","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/4b34ad23-246e-42ba-89de-5985043848be?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-14250","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.200","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handle_frontend_register() function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and validating it only against get_editable_roles() — which returns every defined editable site role, including 'editor' — before passing it to wp_insert_user(). This makes it possible for unauthenticated attackers, when public user registration is enabled, to create new accounts with the editor role."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"themehunk","product":"TH Login Registration","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T12:37:59.763190Z","id":"CVE-2026-14250","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L243","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L782","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L811","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L82","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?reponame=&old=3592690%40themehunk-login-registration&new=3592690%40themehunk-login-registration","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8eee3809-133e-4fd9-ad49-cc6fe3822457?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-3688","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.430","lastModified":"2026-07-08T16:16:28.610","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.10. This is due to the 'wcfmvm_membership_change' AJAX action not validating user permission to modify other users. This makes it possible for authenticated attackers, with vendor level access and above, to change any user's role to 'wcfm_vendor' by changing their membership plan."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wclovers","product":"WCFM Membership – WooCommerce Memberships for Multivendor Marketplace","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2.11.10","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:00:56.429002Z","id":"CVE-2026-3688","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3520777/wc-multivendor-membership","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8a934ccd-9330-4585-9994-838940d24980?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-41042","sourceIdentifier":"security@apache.org","published":"2026-07-08T12:17:20.550","lastModified":"2026-07-08T20:16:49.380","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino.\n\nThis issue affects Apache Gravitino: before 1.2.1.\n\nUsers are recommended to upgrade to version 1.2.1, which fixes the issue.\n\nThis issue only happens when using H2, and H2 is mainly used for testing and local development. Also, Gravitino is typically deployed in the internal environment, so the severity is low."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"Apache Software Foundation","product":"Apache Gravitino","defaultStatus":"unaffected","collectionURL":"https://repo.maven.apache.org/maven2","packageName":"org.apache.gravitino:gravitino-catalog-jdbc-common","versions":[{"version":"0","lessThan":"1.2.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:07:46.248529Z","id":"CVE-2026-41042","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"references":[{"url":"https://lists.apache.org/thread/vdh88wc6j5b38v65ncb111wbbnkf6bvm","source":"security@apache.org"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/5","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-6230","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.660","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Tainacan plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geoquery' parameter in all versions up to and including 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"tainacan","product":"Tainacan","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:59:54.333220Z","id":"CVE-2026-6230","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://github.com/tainacan/tainacan/commit/579d28d7752b27ed3407f5197abb6349b3efc3c9","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/241d9cd3-9331-49b2-8083-dc646070488e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6371","sourceIdentifier":"iletisim@usom.gov.tr","published":"2026-07-08T12:17:20.780","lastModified":"2026-07-08T14:57:28.893","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS.\n\nThis issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}],"affected":[{"source":"iletisim@usom.gov.tr","affectedData":[{"vendor":"Limatek System Inc.","product":"LimRAD NAC","defaultStatus":"unknown","versions":[{"version":"0","lessThanOrEqual":"08072026","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"iletisim@usom.gov.tr","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:23:51.555520Z","id":"CVE-2026-6371","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"iletisim@usom.gov.tr","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0517","source":"iletisim@usom.gov.tr"}]}},{"cve":{"id":"CVE-2026-6742","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:20.893","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"mdempfle","product":"Advanced iFrame","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"2026.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:21:32.811076Z","id":"CVE-2026-6742","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3558422/advanced-iframe","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9c4ca8-e5cd-4c4f-8d81-b06367c89fd7?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6818","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:21.017","lastModified":"2026-07-08T18:16:35.323","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'special_requests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"e4jvikwp","product":"VikBooking Hotel Booking Engine & PMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.8.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:30:44.708889Z","id":"CVE-2026-6818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/admin/helpers/widgets/booking_details.php#L684","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/admin/views/editorder/tmpl/default.php#L2717","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/admin/views/orders/tmpl/default.php#L769","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/13a96e78-c83c-4ff1-a751-3dbaeb683d9d?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6854","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T12:17:21.137","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'mc_auth' parameter in all versions up to, and including, 3.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"joedolson","product":"My Calendar – Accessible Event Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"3.7.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:11:40.613858Z","id":"CVE-2026-6854","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3515996/my-calendar","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/aa1ed81c-04cb-4ccd-8c30-b1d943730909?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-12002","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:28.380","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybe_connection_data function. This makes it possible for unauthenticated attackers to overwrite the site's Instagram and Facebook oEmbed access tokens via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"smub","product":"Smash Balloon Social Photo Feed – Easy Social Feeds Plugin","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.11.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:02:53.626151Z","id":"CVE-2026-12002","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3575933/instagram-feed/trunk/admin/SBI_oEmbeds.php?old=3289310&old_path=instagram-feed%2Ftrunk%2Fadmin%2FSBI_oEmbeds.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/abe6366a-3729-474f-8920-b5ed2eeab906?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5356","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:56.767","lastModified":"2026-07-08T16:16:34.673","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it possible for unauthenticated attackers to pay an arbitrary amount by supplying a previously succeeded PaymentIntent token."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"latepoint","product":"LatePoint – Calendar Booking Plugin for Appointments and Events","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"5.4.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:02:04.174465Z","id":"CVE-2026-5356","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3509569/latepoint","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1b1338c4-36a8-47b0-b3cf-c5dc690f8c1c?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-5459","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:56.887","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.1 via the payment_page() function due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to activate a free subscription pack for any user on the site, overwriting their existing paid subscription and causing loss of paid features."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wedevs","product":"User Frontend: AI Powered Frontend Posting, User Directory, Profile Builder, Membership & User Registration","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.3.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:00:40.858181Z","id":"CVE-2026-5459","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3514258/wp-user-frontend","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/a02d9a01-1104-4935-8074-af4367c66278?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6459","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:57.380","lastModified":"2026-07-08T15:16:32.627","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles sourced from The Events Calendar. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"wpdevteam","product":"Essential Addons for Elementor – Popular Elementor Templates & Widgets","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"6.6.2","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:11:15.978399Z","id":"CVE-2026-6459","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3519453/essential-addons-for-elementor-lite","source":"security@wordfence.com"},{"url":"https://research.cleantalk.org/cve-2026-6459","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3214a5-7044-4005-a200-c969d4487be2?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6740","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:57.653","lastModified":"2026-07-08T18:16:35.223","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"posimyththemes","product":"Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"4.7.4","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:16:29.266059Z","id":"CVE-2026-6740","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3512686/the-plus-addons-for-block-editor/trunk/classes/blocks/tp-post-meta/index.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5184598-b0bd-4026-971c-da36d79497df?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-6820","sourceIdentifier":"security@wordfence.com","published":"2026-07-08T13:16:57.780","lastModified":"2026-07-08T14:55:07.843","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"e4jvikwp","product":"VikBooking Hotel Booking Engine & PMS","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.8.8","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:10:17.505580Z","id":"CVE-2026-6820","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/admin/controller.php#L11208","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/vikbooking/tags/1.8.9/site/controller.php#L307","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b4586a-f87d-4a51-8f4e-932d7254518e?source=cve","source":"security@wordfence.com"}]}},{"cve":{"id":"CVE-2026-15033","sourceIdentifier":"cna@vuldb.com","published":"2026-07-08T14:16:56.273","lastModified":"2026-07-08T18:16:32.257","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"christopherthielen","product":"check-peer-dependencies","cpes":["cpe:2.3:a:christopherthielen:check-peer-dependencies:*:*:*:*:*:*:*:*"],"modules":["peerDependencies"],"versions":[{"version":"4.3.0","status":"affected"},{"version":"4.3.1","status":"affected"},{"version":"4.3.2","status":"affected"},{"version":"4.3.3","status":"affected"},{"version":"4.3.4","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:15:23.390150Z","id":"CVE-2026-15033","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-77"},{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/christopherthielen/check-peer-dependencies/","source":"cna@vuldb.com"},{"url":"https://github.com/christopherthielen/check-peer-dependencies/issues/74","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15033","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850875","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376784","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376784/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-15034","sourceIdentifier":"cna@vuldb.com","published":"2026-07-08T14:16:56.460","lastModified":"2026-07-08T15:16:25.730","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"flask-dashboard","product":"Flask-MonitoringDashboard","cpes":["cpe:2.3:a:flask-dashboard:flask-monitoringdashboard:*:*:*:*:*:*:*:*"],"versions":[{"version":"5.0.0","status":"affected"},{"version":"5.0.1","status":"affected"},{"version":"5.0.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:21:09.096912Z","id":"CVE-2026-15034","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"},{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/flask-dashboard/Flask-MonitoringDashboard/","source":"cna@vuldb.com"},{"url":"https://github.com/flask-dashboard/Flask-MonitoringDashboard/issues/557","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-15034","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850877","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850878","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850879","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/850880","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376785","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/376785/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-41122","sourceIdentifier":"security_alert@emc.com","published":"2026-07-08T14:16:58.197","lastModified":"2026-07-08T20:09:50.337","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability. Exploitation may lead to information disclosure, session theft, or client-side request forgery."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:25:12.097052Z","id":"CVE-2026-41122","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0.0","versionEndExcluding":"8.8.0.0","matchCriteriaId":"4BA45B0F-6A67-476D-9101-0DDC91B77D51"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-53480","sourceIdentifier":"security_alert@emc.com","published":"2026-07-08T14:17:03.880","lastModified":"2026-07-08T20:09:53.847","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory ('path traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized file modification."}],"affected":[{"source":"security_alert@emc.com","affectedData":[{"vendor":"Dell","product":"PowerProtect Data Domain","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"8.8.0.0 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.6.1.20 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"8.3.1.40 or later","versionType":"semver","status":"affected"},{"version":"0","lessThan":"7.13.1.80 or later","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security_alert@emc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:29:20.663485Z","id":"CVE-2026-53480","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security_alert@emc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.1.0","versionEndExcluding":"7.13.1.80","matchCriteriaId":"064F56BA-B974-4133-9DFA-B13D503766AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"7.14.0.0","versionEndExcluding":"8.3.1.40","matchCriteriaId":"EB4BB568-B169-4202-94E0-8D808419241B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.4.0.0","versionEndExcluding":"8.6.1.20","matchCriteriaId":"BA61361F-FED8-4936-A9F6-FFA35BE413F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:data_domain_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"8.7.0.0","versionEndExcluding":"8.8.0.0","matchCriteriaId":"4BA45B0F-6A67-476D-9101-0DDC91B77D51"}]}]}],"references":[{"url":"https://www.dell.com/support/kbdoc/en-us/000481268/dsa-2026-278-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities?msockid=3021cac2195069ed3194ddad186a68f9","source":"security_alert@emc.com","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2026-54061","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T14:17:06.520","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port `:9080` without authentication or authorization. As a result, an unauthenticated network client can open `StreamExtSnapshot` and send Badger stream data to the target group’s store. In addition, the receiver calls `Prepare()` before processing the stream. This operation deletes and replaces the existing DB data. Version 25.3.5 patches the issue."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"dgraph-io","product":"dgraph","versions":[{"version":"< 25.3.5","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:26:08.694479Z","id":"CVE-2026-54061","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://github.com/dgraph-io/dgraph/releases/tag/v25.3.5","source":"security-advisories@github.com"},{"url":"https://github.com/dgraph-io/dgraph/security/advisories/GHSA-rrwh-6jrq-wp5v","source":"security-advisories@github.com"},{"url":"https://github.com/dgraph-io/dgraph/security/advisories/GHSA-rrwh-6jrq-wp5v","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56217","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.107","lastModified":"2026-07-08T15:16:30.547","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the app_versions table via PostgREST to clear session_key and key_id fields, bypassing organization-enforced encrypted-bundle policies and weakening OTA security controls."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:28:32.016164Z","id":"CVE-2026-56217","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-4qwf-mrgx-mvfx","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-encrypted-bundle-policy-bypass-via-direct-postgrest-update","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-4qwf-mrgx-mvfx","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56220","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.277","lastModified":"2026-07-08T18:16:33.370","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSERT policy that allows read-only org members to insert OTA manifest rows. Attackers with read-only org access can inject malicious manifest entries with arbitrary s3_path values that are served to devices via the unauthenticated /updates endpoint, enabling OTA metadata poisoning and potential malicious asset delivery."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:43:43.750779Z","id":"CVE-2026-56220","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vmgg-crr8-887p","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthorized-manifest-insertion-via-read-only-org-member","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vmgg-crr8-887p","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56226","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.413","lastModified":"2026-07-08T17:17:25.070","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RPC function public.get_orgs_v6(userid uuid), which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the authenticated user, an attacker using only the public publishable API key can query POST /rest/v1/rpc/get_orgs_v6 with an arbitrary user UUID to retrieve that user's organization membership, roles, subscription/trial metadata, and management_email (PII)."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:50:49.697618Z","id":"CVE-2026-56226","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-m7mm-35v3-82f4","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-organization-data-disclosure-via-get-orgs-v6-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-m7mm-35v3-82f4","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56246","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.543","lastModified":"2026-07-08T15:16:30.667","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key (limited_to_orgs) inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mode API key restricted to one organization, that key can still perform destructive operations (e.g., DELETE /organization, DELETE /organization/members) against another organization. The root cause is route-level authorization (rbac_check_permission_direct) that evaluates the key owner's user privileges before enforcing the API key's limited_to_orgs scope."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:23:42.457115Z","id":"CVE-2026-56246","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ccm4-hf72-p28m","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-cross-organization-authorization-bypass-via-scoped-api-key-privilege-inheritance","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-ccm4-hf72-p28m","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56250","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.673","lastModified":"2026-07-08T15:16:30.780","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable app_versions.r2_path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2_path to point to victim objects, soft-delete the attacker-controlled version, and trigger the on_version_update cleanup function to delete the victim R2 object, causing denial of service and bundle availability disruption."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:23:06.122727Z","id":"CVE-2026-56250","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-pw8p-5jg6-cxj3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-arbitrary-r2-object-deletion-via-mutable-r2-path-in-app-versions","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-pw8p-5jg6-cxj3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56283","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:15.970","lastModified":"2026-07-08T15:16:30.887","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and reputational damage."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"ACTIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:27:33.680973Z","id":"CVE-2026-56283","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vhvc-gxfh-m85g","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-html-injection-leading-to-open-redirection-in-organization-settings","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-vhvc-gxfh-m85g","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56284","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.100","lastModified":"2026-07-08T18:16:33.487","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.get_total_metrics(org_id), which is callable by the anon role using only the public sb_publishable_* key. An unauthenticated attacker can probe organization existence and leak sensitive usage metrics including MAU, bandwidth, and install counts by sending POST requests to /rest/v1/rpc/get_total_metrics with valid organization UUIDs."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Cap-go","product":"capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:42:24.225760Z","id":"CVE-2026-56284","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-h5jf-xgvh-hgjw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-unauthenticated-metrics-disclosure-via-get-total-metrics-rpc","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-h5jf-xgvh-hgjw","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56293","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.230","lastModified":"2026-07-08T17:17:25.180","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update deploy_history.owner_org when transferring applications between organizations. Attackers can exploit this omission to retain unauthorized access to deployment history records in the source organization or cause the destination organization to lose access to transferred application deployment records."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:48:09.723503Z","id":"CVE-2026-56293","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-854w-xj7g-prv3","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-stale-cross-organization-authorization-via-incomplete-deploy-history-update-in-transfer-app","source":"disclosure@vulncheck.com"},{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-854w-xj7g-prv3","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-56298","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.493","lastModified":"2026-07-08T15:16:31.110","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Capgo","product":"Capgo","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"12.128.2","versionType":"semver","status":"affected"},{"version":"12.128.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:30:45.448910Z","id":"CVE-2026-56298","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://github.com/Cap-go/capgo/security/advisories/GHSA-62jm-xp28-x4xw","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/capgo-exif-metadata-exposure-in-app-information-image-upload","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-56360","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:16.757","lastModified":"2026-07-08T19:32:49.430","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhooks in the ZendeskTrigger node. Attackers who know the webhook URL can send unsigned POST requests to trigger workflows with arbitrary malicious data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.18","versionType":"semver","status":"affected"},{"version":"1.123.18","versionType":"semver","status":"unaffected"},{"version":"2.0.0","lessThan":"2.6.2","versionType":"semver","status":"affected"},{"version":"2.6.2","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:26:12.814964Z","id":"CVE-2026-56360","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.123.18","matchCriteriaId":"C1A36047-7403-4520-87D8-2E595FB23EE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.6.2","matchCriteriaId":"9D868ACF-A987-40C2-B38C-E9CE01E5C0F2"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-38c7-23hj-2wgq","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-webhook-forgery-via-unsigned-post-requests-in-zendesktrigger","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56775","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:17.420","lastModified":"2026-07-08T19:31:35.683","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutating evaluation test-run endpoints that authorize state-changing actions using the workflow:read scope instead of the action-appropriate workflow:execute scope. On instances using Advanced Permissions (Enterprise/Cloud) with projects and viewer roles, an authenticated user with the project:viewer role can start new evaluation test runs, cancel in-flight runs, and delete run records for workflows they only have read access to."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"1.123.55","versionType":"semver","status":"affected"},{"version":"1.123.55","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.26.2","versionType":"semver","status":"affected"},{"version":"2.26.2","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.25.7","versionType":"semver","status":"affected"},{"version":"2.25.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:31:14.368940Z","id":"CVE-2026-56775","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionEndExcluding":"1.123.55","matchCriteriaId":"7CADF213-D8B6-4DFD-B965-502CD52B5390"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.25.7","matchCriteriaId":"A445DCA9-BBF0-4807-808E-B12335B73DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:enterprise:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"BC63FA56-62B7-4F7C-A218-C13F83ABA86C"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-664h-gpgq-h6xx","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-incorrect-oauth-scope-validation-in-evaluation-test-runs-endpoints","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-56778","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:17.683","lastModified":"2026-07-08T19:26:35.280","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to retry executions of that workflow, bypassing the intended permission boundary between read and execute access. This affects instances where workflows are shared with other users or across projects."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.26.2","versionType":"semver","status":"affected"},{"version":"2.26.2","versionType":"semver","status":"unaffected"}]},{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.25.7","versionType":"semver","status":"affected"},{"version":"2.25.7","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:24:00.966635Z","id":"CVE-2026-56778","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.25.7","matchCriteriaId":"BF3AA8D6-D35E-4D7B-B4E5-819275C0C91B"},{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionStartIncluding":"2.26.0","versionEndExcluding":"2.26.2","matchCriteriaId":"970A6AA3-03FF-4B9D-85C1-462C5C7F7171"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-h3jj-5f3v-3685","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-authorization-bypass-in-public-api-execution-retry-endpoint","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-58480","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:19.977","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Blocksy Companion Pro plugin for WordPress before 2.1.47 contains an unauthenticated arbitrary file upload vulnerability that allows attackers to upload executable files by bypassing extension validation in the save_attachments function exposed through the Advanced Reviews feature. Attackers can exploit the Custom Fonts extension's flawed strpos() substring check by uploading double-extension filenames such as shell.woff2.php, causing the validation to pass on the substring match while the web server executes the file as PHP, achieving remote code execution."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Creative Themes","product":"Blocksy Companion","defaultStatus":"affected","repo":"https://wordpress.org/plugins/blocksy-companion/","versions":[{"version":"0","lessThanOrEqual":"2.1.46","versionType":"semver","status":"affected"},{"version":"2.1.47","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.2,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T13:42:42.783542Z","id":"CVE-2026-58480","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://patchstack.com/database/wordpress/plugin/blocksy-companion/vulnerability/wordpress-blocksy-companion-plugin-2-1-46-unauthenticated-arbitrary-file-upload-vulnerability","source":"disclosure@vulncheck.com"},{"url":"https://wordpress.org/plugins/blocksy-companion/","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/blocksy-companion-pro-unauthenticated-file-upload-via-save-attachments","source":"disclosure@vulncheck.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/blocksy-companion/blocksy-companion-2146-unauthenticated-arbitrary-file-upload-via-blc-review-images-parameter","source":"disclosure@vulncheck.com"}]}},{"cve":{"id":"CVE-2026-58654","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:20.153","lastModified":"2026-07-08T18:16:33.873","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint (/api/v1/users/user/avatar). The endpoint validates only the client-declared MIME type (getClientMediaType) beginning with 'image/' and does not inspect the actual file content or restrict the resulting extension, allowing an authenticated user to store arbitrary content — including PHP code, SVG with embedded JavaScript, and polyglot payloads — under user/accounts/avatars/ with predictable filenames. Direct HTTP access to the stored files is blocked by .htaccess (returns 403), but the files persist on disk and could lead to remote code execution or stored XSS in the presence of a path traversal flaw or server misconfiguration. Fixed in 1.0.1."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Grav","product":"Grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"1.0.1","versionType":"semver","status":"affected"},{"version":"1.0.1","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:38:21.980163Z","id":"CVE-2026-58654","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-xc64-vh46-vph6","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-arbitrary-file-upload-via-avatar-endpoint","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-xc64-vh46-vph6","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58656","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:20.297","lastModified":"2026-07-08T17:17:25.530","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and responds with Access-Control-Allow-Origin: *, allowing unauthenticated attackers to make fully authenticated cross-origin API requests from any malicious website. Attackers who obtain a leaked JWT token from access logs, proxy logs, browser history, or Referrer headers can create persistent backdoor super-admin accounts and exfiltrate sensitive configuration and user data."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"getgrav","product":"grav","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.0.0-rc.15","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:44:29.470827Z","id":"CVE-2026-58656","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-598"}]}],"references":[{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-hqm9-5xxw-4qxp","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-api-plugin-cross-origin-admin-account-takeover-via-cors-wildcard-and-jwt-query-parameter","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-hqm9-5xxw-4qxp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-58657","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:20.440","lastModified":"2026-07-08T15:28:15.630","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection vulnerability in the Markdown image resize() media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute() fallbacks, but the resize() action in Excerpts::processMediaActions() writes caller-controlled values directly into the image's styleAttributes. A lower-privileged content editor who can edit page Markdown can store a crafted image URL with semicolon-delimited CSS declarations in the resize parameters, which are rendered into the final <img style=...> attribute when a higher-privileged reviewer/admin views the page or preview. This does not require JavaScript execution but enables UI redress/overlay and content-manipulation attacks (e.g., a full-viewport fixed overlay). Fixed in 2.0.0."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Grav","product":"Grav","defaultStatus":"unaffected","versions":[{"version":"2.0.0-rc.9","lessThan":"2.0.0","versionType":"semver","status":"affected"},{"version":"2.0.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:21:29.168366Z","id":"CVE-2026-58657","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://github.com/getgrav/grav/commit/6582166173bb8eb5869d96aea384e0e73777c94c","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/commit/e03d29aa0d3ece16d73c1ffccfa78df8bf5f28b8","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-ffmg-hfvg-jhg9","source":"disclosure@vulncheck.com"},{"url":"https://www.vulncheck.com/advisories/grav-stored-css-injection-via-markdown-image-resize-action","source":"disclosure@vulncheck.com"},{"url":"https://github.com/getgrav/grav/security/advisories/GHSA-ffmg-hfvg-jhg9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-59253","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T14:17:20.683","lastModified":"2026-07-08T19:25:45.483","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical integrity violations in target project folder structures."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"n8n","product":"n8n","defaultStatus":"unaffected","packageURL":"pkg:npm/n8n","versions":[{"version":"0","lessThan":"2.28.0","versionType":"semver","status":"affected"},{"version":"2.28.0","versionType":"semver","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T14:31:38.587009Z","id":"CVE-2026-59253","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:n8n:n8n:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.28.0","matchCriteriaId":"A8C6F90E-219B-4C79-8482-CC919C4AF1CC"}]}]}],"references":[{"url":"https://github.com/n8n-io/n8n/security/advisories/GHSA-2xgm-wc4g-5jvg","source":"disclosure@vulncheck.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.vulncheck.com/advisories/n8n-improper-authorization-in-workflow-assignment-to-folders","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2026-49145","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-08T15:16:27.563","lastModified":"2026-07-08T20:16:50.347","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc.\n\nack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include --files-from, so a project .ackrc can set it to a path whose listed files ack then reads and searches. Version 3.10.0 added --follow to the blocklist; --files-from remains accepted.\n\nA project .ackrc committed to an untrusted repository can make ack read files outside the project and print their matching lines."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"PETDANCE","product":"App::Ack","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"ack","programFiles":["lib/App/Ack/ConfigFinder.pm","lib/App/Ack/ConfigLoader.pm"],"programRoutines":[{"name":"App::Ack::ConfigFinder::find_config_files"},{"name":"App::Ack::ConfigLoader::_process_other"}],"repo":"https://github.com/beyondgrep/ack3","versions":[{"version":"0","lessThanOrEqual":"3.10.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:21:08.032707Z","id":"CVE-2026-49145","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-73"},{"lang":"en","value":"CWE-426"}]}],"references":[{"url":"https://metacpan.org/release/PETDANCE/ack-v3.10.0/source/Changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/7","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-49146","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-08T15:16:27.673","lastModified":"2026-07-08T20:16:50.503","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc.\n\nack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack sized the before-context buffer to that value, so a project .ackrc setting --before-context=100000000 made ack allocate a buffer of 100 million elements.\n\nA project .ackrc committed to an untrusted repository can abort ack with an out-of-memory condition."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"PETDANCE","product":"App::Ack","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"ack","programFiles":["lib/App/Ack/ConfigLoader.pm","ack"],"programRoutines":[{"name":"App::Ack::ConfigLoader::_context_value"}],"repo":"https://github.com/beyondgrep/ack3","versions":[{"version":"0","lessThan":"3.10.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:22:07.691262Z","id":"CVE-2026-49146","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/PETDANCE/ack-v3.10.0/source/Changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/8","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-49147","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-07-08T15:16:27.787","lastModified":"2026-07-08T20:16:50.650","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes.\n\nWhen ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a _safe_filename helper that sanitises the filenames printed by -f, -g, the colored match heading, and per-match lines, but the --show-types, -l/-L, and -c paths still emit the raw filename.\n\nA file whose name embeds cursor-movement or color escapes can overwrite or recolor earlier terminal output, or be passed unchanged to a downstream consumer."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"PETDANCE","product":"App::Ack","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"ack","programFiles":["lib/App/Ack.pm","ack"],"programRoutines":[{"name":"App::Ack::show_types"},{"name":"file_loop_lL"},{"name":"file_loop_c"}],"repo":"https://github.com/beyondgrep/ack3","versions":[{"version":"0","lessThanOrEqual":"3.10.0","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:22:36.769783Z","id":"CVE-2026-49147","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-150"}]}],"references":[{"url":"https://metacpan.org/release/PETDANCE/ack-v3.10.0/source/Changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/08/9","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-54652","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T15:16:29.390","lastModified":"2026-07-08T16:16:30.903","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and enabling viewer-to-admin privilege escalation. A fixed release has not been identified."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"blakeblackshear","product":"frigate","versions":[{"version":"<= 0.17.1","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:20:07.339673Z","id":"CVE-2026-54652","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-269"},{"lang":"en","value":"CWE-532"},{"lang":"en","value":"CWE-598"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/blakeblackshear/frigate/commit/68e8afd35c76f05f68de47ee9588d2c91796de4b","source":"security-advisories@github.com"},{"url":"https://github.com/blakeblackshear/frigate/commit/bd1fc1cc72cd4fa371464a087cbf3d7f3142edc6","source":"security-advisories@github.com"},{"url":"https://github.com/blakeblackshear/frigate/security/advisories/GHSA-c4qf-xxq4-vf55","source":"security-advisories@github.com"},{"url":"https://github.com/blakeblackshear/frigate/security/advisories/GHSA-c4qf-xxq4-vf55","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55668","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T15:16:30.057","lastModified":"2026-07-08T17:17:24.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create attacker-controlled files outside the user's scope. This issue is fixed in version 2.63.16."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"filebrowser","product":"filebrowser","versions":[{"version":"< 2.63.16","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:11:24.928801Z","id":"CVE-2026-55668","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-59"}]}],"references":[{"url":"https://github.com/filebrowser/filebrowser/commit/64511ce45e3be379e965f7f4fb0929a068d5bb81","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/releases/tag/v2.63.16","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8wc8-hf36-mjh9","source":"security-advisories@github.com"},{"url":"https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8wc8-hf36-mjh9","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}},{"cve":{"id":"CVE-2026-55873","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T15:16:30.190","lastModified":"2026-07-08T16:16:31.177","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with SigV4 service s3tables are routed to the S3Tables management API where authorization collapses account-less S3 identities into the shared admin account and fails open, allowing an authenticated low-privileged S3 user to enumerate administrator-owned table bucket names and ARNs. This issue is fixed in version 4.34."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"seaweedfs","product":"seaweedfs","versions":[{"version":">= 4.08, < 4.34","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:33:28.325392Z","id":"CVE-2026-55873","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/seaweedfs/seaweedfs/commit/b13463880c1fa62e255c058a9228b63cc95b4b36","source":"security-advisories@github.com"},{"url":"https://github.com/seaweedfs/seaweedfs/pull/9961","source":"security-advisories@github.com"},{"url":"https://github.com/seaweedfs/seaweedfs/releases/tag/4.34","source":"security-advisories@github.com"},{"url":"https://github.com/seaweedfs/seaweedfs/security/advisories/GHSA-hgpf-8634-g44c","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-55874","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T15:16:30.320","lastModified":"2026-07-08T18:16:33.270","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot-dot path segments in the X-Amz-Copy-Source header used by CopyObject and UploadPartCopy, allowing an authenticated identity scoped to one bucket to read objects from other buckets through server-side copy. This issue is fixed in version 4.34."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"seaweedfs","product":"seaweedfs","versions":[{"version":"< 4.34","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T16:52:14.324777Z","id":"CVE-2026-55874","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/seaweedfs/seaweedfs/commit/b44cf51fe931bd75aa4d37ae766bea90d7f85ccd","source":"security-advisories@github.com"},{"url":"https://github.com/seaweedfs/seaweedfs/pull/9929","source":"security-advisories@github.com"},{"url":"https://github.com/seaweedfs/seaweedfs/releases/tag/4.34","source":"security-advisories@github.com"},{"url":"https://github.com/seaweedfs/seaweedfs/security/advisories/GHSA-56wq-x3wv-3ff4","source":"security-advisories@github.com"}]}},{"cve":{"id":"CVE-2026-49944","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:30.447","lastModified":"2026-07-08T16:16:30.447","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-49945","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:30.520","lastModified":"2026-07-08T16:16:30.520","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-49946","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-07-08T16:16:30.570","lastModified":"2026-07-08T16:16:30.570","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}],"metrics":{},"references":[]}},{"cve":{"id":"CVE-2026-58212","sourceIdentifier":"security-advisories@github.com","published":"2026-07-08T20:16:54.100","lastModified":"2026-07-08T20:16:54.100","vulnStatus":"Rejected","cveTags":[],"descriptions":[{"lang":"en","value":"Rejected reason: Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of updating Product dependencies MUST NOT be determined to be a Vulnerability, regardless of whether the dependencies have Vulnerabilities."}],"metrics":{},"references":[]}}]}