CWE-201
AllowedInsertion of Sensitive Information Into Sent Data
Abstraction: Base · Status: Draft
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
673 vulnerabilities reference this CWE, most recent first.
CVE-2026-7184 (GCVE-0-2026-7184)
Vulnerability from cvelistv5 – Published: 2026-06-12 15:49 – Updated: 2026-06-12 17:19- CWE-201 - Insertion of Sensitive Information Into Sent Data
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.6.0 , ≤ 11.6.1
(semver)
Affected: 11.5.0 , ≤ 11.5.4 (semver) Affected: 10.11.0 , ≤ 10.11.15 (semver) Unaffected: 11.7.0 Unaffected: 11.6.2 Unaffected: 11.5.5 Unaffected: 10.11.17 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T17:19:06.393567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T17:19:11.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.6.1",
"status": "affected",
"version": "11.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "11.5.4",
"status": "affected",
"version": "11.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.15",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.7.0"
},
{
"status": "unaffected",
"version": "11.6.2"
},
{
"status": "unaffected",
"version": "11.5.5"
},
{
"status": "unaffected",
"version": "10.11.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "winfunc"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.6.x \u003c= 11.6.1, 11.5.x \u003c= 11.5.4, 10.11.x \u003c= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated users with the {{manage_secure_connections}} permission to obtain remote cluster authentication tokens via a PATCH request to the remote cluster endpoint.. Mattermost Advisory ID: MMSA-2026-00662"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:49:46.626Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2026-00662",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.7.0, 11.6.2, 11.5.5, 10.11.17 or higher."
}
],
"source": {
"advisory": "MMSA-2026-00662",
"defect": [
"https://mattermost.atlassian.net/browse/MM-68525"
],
"discovery": "EXTERNAL"
},
"title": "Mattermost Remote Cluster PATCH API Leaks Authentication Tokens",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-7184",
"datePublished": "2026-06-12T15:49:46.626Z",
"dateReserved": "2026-04-27T10:44:00.842Z",
"dateUpdated": "2026-06-12T17:19:11.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5512 (GCVE-0-2026-5512)
Vulnerability from cvelistv5 – Published: 2026-04-21 22:12 – Updated: 2026-04-22 17:39- CWE-201 - Insertion of sensitive information into sent data
| Vendor | Product | Version | |
|---|---|---|---|
| GitHub | Enterprise Server |
Affected:
3.14.0 , ≤ 3.14.25
(semver)
Affected: 3.15.0 , ≤ 3.15.20 (semver) Affected: 3.16.0 , ≤ 3.16.16 (semver) Affected: 3.17.0 , ≤ 3.17.13 (semver) Affected: 3.18.0 , ≤ 3.18.7 (semver) Affected: 3.19.0 , ≤ 3.19.4 (semver) Affected: 3.20.0 , < 3.20.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T17:38:49.635439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T17:39:01.520Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Server",
"vendor": "GitHub",
"versions": [
{
"changes": [
{
"at": "3.14.26",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.14.25",
"status": "affected",
"version": "3.14.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.15.21",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.15.20",
"status": "affected",
"version": "3.15.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.16.17",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.16.16",
"status": "affected",
"version": "3.16.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.17.14",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.17.13",
"status": "affected",
"version": "3.17.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.18.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.18.7",
"status": "affected",
"version": "3.18.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.19.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "3.19.4",
"status": "affected",
"version": "3.19.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.20.1",
"status": "unaffected"
}
],
"lessThan": "3.20.1",
"status": "affected",
"version": "3.20.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ahacker1"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e"
}
],
"value": "An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobile upload policy API endpoint did not perform an early authorization check, and validation error messages included the full repository name for repositories the caller did not have access to. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.21 and was fixed in versions 3.20.1, 3.19.5, 3.18.8, 3.17.14, 3.16.17, 3.15.21, and 3.14.26. This vulnerability was reported via the GitHub Bug Bounty program."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of sensitive information into sent data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T22:14:01.033Z",
"orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"shortName": "GitHub_P"
},
"references": [
{
"url": "https://docs.github.com/en/enterprise-server@3.14/admin/release-notes#3.14.26"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.15/admin/release-notes#3.15.21"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.17"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.14"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.8"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.5"
},
{
"url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
"assignerShortName": "GitHub_P",
"cveId": "CVE-2026-5512",
"datePublished": "2026-04-21T22:12:58.344Z",
"dateReserved": "2026-04-03T18:21:52.907Z",
"dateUpdated": "2026-04-22T17:39:01.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5483 (GCVE-0-2026-5483)
Vulnerability from cvelistv5 – Published: 2026-04-10 17:33 – Updated: 2026-07-15 00:43- CWE-201 - Insertion of Sensitive Information Into Sent Data
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:7397 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7398 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7403 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:7404 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-5483 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2454764 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat OpenShift AI 2.16 |
Unaffected:
1775230902 , < *
(rpm)
cpe:/a:redhat:openshift_ai:2.16::el8 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
Unaffected:
1775234711 , < *
(rpm)
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift AI 3.2 |
Unaffected:
1775523049 , < *
(rpm)
cpe:/a:redhat:openshift_ai:3.2::el9 |
|
| Red Hat | Red Hat OpenShift AI 3.3 |
Unaffected:
1775239958 , < *
(rpm)
cpe:/a:redhat:openshift_ai:3.3::el9 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T18:33:58.848733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T18:34:06.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel8",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775230902",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel9",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775234711",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel9",
"product": "Red Hat OpenShift AI 3.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775523049",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel9",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775239958",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mod-arch-gen-ai-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mod-arch-maas-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-10T17:16:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:43:11.545Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-5483"
},
{
"name": "RHBZ#2454764",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5483.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7397"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7398"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7404"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7403"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7397: Red Hat OpenShift AI 2.16"
},
{
"lang": "en",
"value": "RHSA-2026:7398: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:7404: Red Hat OpenShift AI 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:7403: Red Hat OpenShift AI 3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-10T17:16:00.000Z",
"value": "Made public."
}
],
"title": "odh-dashboard: ODH Dashboard Kubernetes Service Account Exposure",
"workarounds": [
{
"lang": "en",
"value": "If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.16::el8"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel8",
"product": "Red Hat OpenShift AI 2.16",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775230902",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel9",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775234711",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.2::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel9",
"product": "Red Hat OpenShift AI 3.2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775523049",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_ai:3.3::el9"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-dashboard-rhel9",
"product": "Red Hat OpenShift AI 3.3",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1775239958",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mod-arch-gen-ai-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mod-arch-maas-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mod-arch-model-registry-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-10T17:16:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubernetes resources."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T05:20:59.210Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:7397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7397"
},
{
"name": "RHSA-2026:7398",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7398"
},
{
"name": "RHSA-2026:7403",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7403"
},
{
"name": "RHSA-2026:7404",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7404"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-5483"
},
{
"name": "RHBZ#2454764",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454764"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-10T17:16:00.000Z",
"value": "Made public."
}
],
"title": "Odh-dashboard: odh dashboard kubernetes service account exposure",
"workarounds": [
{
"lang": "en",
"value": "If applying the update is not immediately possible, the vulnerability can be mitigated by disabling or removing the NIM (NVIDIA Inference Microservice) integration from the Red Hat OpenShift AI (RHOAI) environment."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-201: Insertion of Sensitive Information Into Sent Data"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-5483",
"datePublished": "2026-04-10T17:33:25.055Z",
"dateReserved": "2026-04-03T12:27:18.589Z",
"dateUpdated": "2026-07-15T00:43:11.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4927 (GCVE-0-2026-4927)
Vulnerability from cvelistv5 – Published: 2026-04-01 14:54 – Updated: 2026-04-01 19:26- CWE-201 - Insertion of sensitive information into sent data
| Vendor | Product | Version | |
|---|---|---|---|
| Devolutions | Server |
Affected:
2026.1.6 , ≤ 2026.1.11
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:26:40.599076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:26:56.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Server",
"vendor": "Devolutions",
"versions": [
{
"lessThanOrEqual": "2026.1.11",
"status": "affected",
"version": "2026.1.6",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eExposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request.\u003c/div\u003e\u003c/div\u003e\u003cp\u003eThis issue affects Server: from 2026.1.6 through 2026.1.11.\u003c/p\u003e"
}
],
"value": "Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request.\n\n\n\nThis issue affects Server: from 2026.1.6 through 2026.1.11."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of sensitive information into sent data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T14:54:45.806Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2026-0010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2026-4927",
"datePublished": "2026-04-01T14:54:45.806Z",
"dateReserved": "2026-03-26T18:39:49.096Z",
"dateUpdated": "2026-04-01T19:26:56.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4525 (GCVE-0-2026-4525)
Vulnerability from cvelistv5 – Published: 2026-04-17 03:00 – Updated: 2026-07-15 00:52- CWE-201 - Insertion of Sensitive Information Into Sent Data
| URL | Tags |
|---|---|
| https://discuss.hashicorp.com/t/hcsec-2026-07-vau… | |
| https://access.redhat.com/security/cve/CVE-2026-4525 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2459107 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| HashiCorp | Vault |
Affected:
0.11.2 , < 2.0.0
(semver)
|
|
| HashiCorp | Vault Enterprise |
Affected:
0.11.2 , < 2.0.0
(semver)
|
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T13:19:26.452614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T13:19:32.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-baremetal-installer-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"packageName": "openshift4/ose-installer-rhel9",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "cephcsi-rhel8",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "cephcsi-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "mcg-cli-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "mcg-rhel8-operator",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "mcg-rhel9-operator",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "ocs4/cephcsi-rhel8",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "odf4/cephcsi-rhel8",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "unaffected",
"packageName": "odf4/cephcsi-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "odf4/mcg-cli-rhel9",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "odf4/mcg-rhel8-operator",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"packageName": "odf4/mcg-rhel9-operator",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-17T03:00:47.561Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Vault. When a Vault authentication mount is configured to pass through the \"Authorization\" header, and this header is used for authentication, Vault incorrectly forwards the sensitive Vault token to the authentication plugin backend. This can lead to the disclosure of authentication tokens to potentially untrusted or compromised backend plugins, enabling unauthorized access or further system compromise."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:52:47.241Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-4525"
},
{
"name": "RHBZ#2459107",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459107"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4525.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-17T04:01:24.934Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-17T03:00:47.561Z",
"value": "Made public."
}
],
"title": "Vault: Vault: Information disclosure of authentication tokens via incorrect header handling",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"lessThan": "2.0.0",
"status": "affected",
"version": "0.11.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"product": "Vault Enterprise",
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"versions": [
{
"changes": [
{
"at": "1.19.16",
"status": "unaffected"
},
{
"at": "1.20.10",
"status": "unaffected"
},
{
"at": "1.21.5",
"status": "unaffected"
}
],
"lessThan": "2.0.0",
"status": "affected",
"version": "0.11.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was identified and reported by Oleh Konko of 1seal."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIf a Vault auth mount is configured to pass through the \"Authorization\" header, and the \"Authorization\" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16.\u003c/p\u003e\u003cbr/\u003e"
}
],
"value": "If a Vault auth mount is configured to pass through the \"Authorization\" header, and the \"Authorization\" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16."
}
],
"impacts": [
{
"capecId": "CAPEC-118",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-118: Collect and Analyze Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T17:22:41.255Z",
"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"shortName": "HashiCorp"
},
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2026-07-vault-may-expose-tokens-to-auth-plugins-due-to-incorrect-header-sanitization/77344"
}
],
"source": {
"advisory": "HCSEC-2026-08",
"discovery": "EXTERNAL"
},
"title": "Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header"
}
},
"cveMetadata": {
"assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
"assignerShortName": "HashiCorp",
"cveId": "CVE-2026-4525",
"datePublished": "2026-04-17T03:00:47.561Z",
"dateReserved": "2026-03-20T17:47:40.835Z",
"dateUpdated": "2026-07-15T00:52:47.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4035 (GCVE-0-2026-4035)
Vulnerability from cvelistv5 – Published: 2026-06-03 07:18 – Updated: 2026-07-15 01:01- CWE-201 - Insertion of Sensitive Information Into Sent Data
| URL | Tags |
|---|---|
| https://huntr.com/bounties/f8e591a0-0f19-4910-b82… | |
| https://github.com/mlflow/mlflow/commit/4a3f2f720… | |
| https://access.redhat.com/security/cve/CVE-2026-4035 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2484318 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 3.11.0
(custom)
|
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4035",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T13:10:20.303201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T13:10:24.407Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/f8e591a0-0f19-4910-b82e-16c9956f2233"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-mlflow-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-th06-cpu-torch210-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-th06-cuda130-torch210-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-th06-rocm64-torch291-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"packageName": "rhoai/odh-training-cuda128-torch29-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"packageName": "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-03T07:18:08.512Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in MLflow. This vulnerability allows an attacker to exfiltrate sensitive server-side environment credentials. It occurs because the AI Gateway secrets can resolve environment variables, which are then sent to an attacker-controlled endpoint. This could lead to unauthorized access to cloud resources and potentially enable cross-boundary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:01:04.906Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-4035"
},
{
"name": "RHBZ#2484318",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484318"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4035.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-03T09:00:55.993Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-03T07:18:08.512Z",
"value": "Made public."
}
],
"title": "python-mlflow: MLflow: Sensitive credential exfiltration via environment variable resolution in AI Gateway secrets",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, restrict network access to the MLflow server to trusted clients only. Additionally, ensure that authentication mechanisms, such as basic-auth, are properly configured and enabled for MLflow deployments to prevent unauthenticated or low-privileged access to the AI Gateway. Consult MLflow documentation for specific configuration steps related to network access control and authentication. A restart or reload of the MLflow service may be required for changes to take effect."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "3.11.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the `api_key` field in gateway secrets can accept `$ENV_VAR` references, which are resolved against the MLflow server\u0027s environment during runtime. The resolved secrets are then sent in provider authentication headers to the configured upstream `api_base`. This vulnerability can be exploited by low-privileged authenticated users in basic-auth deployments or by unauthenticated users in default deployments without `basic-auth`. The impact includes potential leakage of sensitive credentials such as cloud artifact credentials (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`), which could lead to artifact poisoning and cross-boundary code execution in downstream environments. The issue is fixed in version 3.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T07:18:08.512Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/f8e591a0-0f19-4910-b82e-16c9956f2233"
},
{
"url": "https://github.com/mlflow/mlflow/commit/4a3f2f720cb4f058c9e0c5b883e0acc9ab64a7f3"
}
],
"source": {
"advisory": "f8e591a0-0f19-4910-b82e-16c9956f2233",
"discovery": "EXTERNAL"
},
"title": "Environment Variable Resolution Vulnerability in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-4035",
"datePublished": "2026-06-03T07:18:08.512Z",
"dateReserved": "2026-03-12T02:17:42.523Z",
"dateUpdated": "2026-07-15T01:01:04.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2578 (GCVE-0-2026-2578)
Vulnerability from cvelistv5 – Published: 2026-03-16 11:58 – Updated: 2026-03-16 13:49- CWE-201 - Insertion of Sensitive Information Into Sent Data
| URL | Tags |
|---|---|
| https://mattermost.com/security-updates | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.3.0 , ≤ 11.3.0
(semver)
Unaffected: 11.4.0 Unaffected: 11.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T13:42:18.043453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T13:49:55.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.3.0",
"status": "affected",
"version": "11.3.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.4.0"
},
{
"status": "unaffected",
"version": "11.3.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Rogers"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 11.3.x \u003c= 11.3.0 fail to preserve the redacted state of burn-on-read posts during deletion which allows channel members to access unrevealed burn-on-read message contents via the WebSocket post deletion event.. Mattermost Advisory ID: MMSA-2026-00579"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T11:58:09.834Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"name": "MMSA-2026-00579",
"tags": [
"vendor-advisory"
],
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.4.0, 11.3.1 or higher."
}
],
"source": {
"advisory": "MMSA-2026-00579",
"defect": [
"https://mattermost.atlassian.net/browse/MM-67127"
],
"discovery": "EXTERNAL"
},
"title": "Information Disclosure via WebSocket Event When Deleting Unrevealed Burn on Read Posts",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2026-2578",
"datePublished": "2026-03-16T11:58:09.834Z",
"dateReserved": "2026-02-16T10:09:16.281Z",
"dateUpdated": "2026-03-16T13:49:55.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1694 (GCVE-0-2026-1694)
Vulnerability from cvelistv5 – Published: 2026-02-26 07:56 – Updated: 2026-03-26 08:22- CWE-201 - Insertion of Sensitive Information into Sent Data
| URL | Tags |
|---|---|
| https://www.pcvue.com/security/#SB2026-2 | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T14:22:01.724842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:22:11.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"WebVue",
"WebScheduler",
"TouchVue",
"SnapVue",
"Web services"
],
"product": "PcVue",
"vendor": "arcinfo",
"versions": [
{
"lessThanOrEqual": "16.3.3",
"status": "affected",
"version": "16.0.0",
"versionType": "cpe"
},
{
"lessThanOrEqual": "15.2.13",
"status": "affected",
"version": "15.0.0",
"versionType": "cpe"
},
{
"status": "affected",
"version": "12.0.0",
"versionType": "cpe"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
"versionEndIncluding": "16.3.3",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
"versionEndIncluding": "15.2.13",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:12.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2026-02-25T23:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration.\u003cbr\u003e"
}
],
"value": "HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No POC available."
}
],
"value": "No POC available."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Not known to be exploited"
}
],
"value": "Not known to be exploited"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/R:U/RE:M/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T08:22:30.221Z",
"orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
"shortName": "arcinfo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.pcvue.com/security/#SB2026-2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003c/b\u003e\n\n\u003cb\u003eHarden the configuration\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users\u003cbr\u003e\n\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\n\n\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from insecure networks.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eUninstall the Web Server\u003c/b\u003e \u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users \u003cb\u003enot \u003c/b\u003eusing the affected component \u003cbr\u003e\u003cbr\u003eIf your system does not require the use of the Web \u0026amp; Mobile features, you should make sure not to install them. If your system requires the use of the Web \u0026amp; Mobile features, they should be installed only on the Web Server.\u003cbr\u003eSee the product help related to the installation for more information.\n\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eUpdate IIS configuration \u2013 manually update HTTP headers\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e \n\nAll users running affected components.\n\n\u003cbr\u003e\u003cbr\u003eAs a quick mitigation for the unnecessary and missing HTTP headers, you can disable default headers and add secure HTTP headers for all requests. Those options can be set via the web.config file located on the IIS by following those steps:\u003cbr\u003e\u003col\u003e\u003cli\u003eOpen the file \u003ci\u003eC:\\inetpub\\\u0026lt;SV Website\u0026gt;\\web.config\u003c/i\u003e\u003c/li\u003e\u003cli\u003eAdd the following entries to the section \u003ci\u003ecustomHeaders\u003c/i\u003e, which are the recommendations from the official OWASP site:\u003cbr\u003e\u0026lt;remove name=\"X-Powered-By\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"X-Frame-Options\" value=\"DENY\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"X-XSS-Protection\" value=\"0\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"X-Content-Type-Options\" value=\"nosniff\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"X-DNS-Prefetch-Control\" value=\"off\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"Cross-Origin-Opener-Policy\" value=\"same-origin\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"Cross-Origin-Embedder-Policy\" value=\"require-corp\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"Cross-Origin-Resource-Policy\" value=\"same-site\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"Referrer-Policy\" value=\"strict-origin-when-cross-origin\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"Strict-Transport-Security\" value=\"max-age=63072000; includeSubDomains; preload\" /\u0026gt;\u003cbr\u003e\u0026lt;add name=\"Permissions-Policy\" value=\"geolocation=(), camera=(), microphone=()\" /\u0026gt;\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eUpdate the Web Deployment Console (WDC) and re deploy the Web Server\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e \n\nAll users running affected components.\n\n\u003cbr\u003e\u003cbr\u003eInstall a patched release of the Web Deployment Console (WDC) on the IIS Web server and use it to re-deploy the Web Site. Some settings might need to be updated if third-party web apps or services depend on the OAuth ROPC flow.\u003cbr\u003e\u003cbr\u003eIn a patched release of the WDC, new settings are available for each authorized Client to enable or disable:\u003cbr\u003e\u003cul\u003e\u003cli\u003eThe Authorization Code flow\u003c/li\u003e\u003cli\u003eThe Authorization Code flow with PKCE\u003c/li\u003e\u003cli\u003eThe Resource Owner Password Credentials (ROPC) flow\u003c/li\u003e\u003c/ul\u003eBy default, all the OAuth flows are now disabled for third-party web apps and need to be manually enabled before deployment if required.\u003cbr\u003e\u003cbr\u003eTo verify that the patch is applied correctly, you must check that:\u003cbr\u003e\u003cul\u003e\u003cli\u003eThe \u003ci\u003eFile version\u003c/i\u003e property of the file \u003ci\u003e./bin/Modules/WebDeployment/WebDeploymentConsole.exe\u003c/i\u003e matches the deployed release or later, and ensure that any earlier release is no longer used;\u003c/li\u003e\u003cli\u003eWeb Sites have been redeployed;\u003c/li\u003e\u003cli\u003eOAuth flow are correctly set for each authorized Client.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\n\n\u003cb\u003e\u003c/b\u003e\n\n\u003cb\u003eAvailable patches:\u003c/b\u003e\u003cbr\u003ePatch provided in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 16.3.4 (16.3.4902.3112)\u003c/li\u003e\u003cli\u003ePcVue 15.2.14 (15.2.14900.37147)\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Harden the configuration\nWho should apply this recommendation: All users\n\n\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from insecure networks.\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\nUninstall the Web Server \nWho should apply this recommendation: All users not using the affected component \n\nIf your system does not require the use of the Web \u0026 Mobile features, you should make sure not to install them. If your system requires the use of the Web \u0026 Mobile features, they should be installed only on the Web Server.\nSee the product help related to the installation for more information.\n\n\n\n\nUpdate IIS configuration \u2013 manually update HTTP headers\nWho should apply this recommendation: \n\nAll users running affected components.\n\n\n\nAs a quick mitigation for the unnecessary and missing HTTP headers, you can disable default headers and add secure HTTP headers for all requests. Those options can be set via the web.config file located on the IIS by following those steps:\n * Open the file C:\\inetpub\\\u003cSV Website\u003e\\web.config\n * Add the following entries to the section customHeaders, which are the recommendations from the official OWASP site:\n\u003cremove name=\"X-Powered-By\" /\u003e\n\u003cadd name=\"X-Frame-Options\" value=\"DENY\" /\u003e\n\u003cadd name=\"X-XSS-Protection\" value=\"0\" /\u003e\n\u003cadd name=\"X-Content-Type-Options\" value=\"nosniff\" /\u003e\n\u003cadd name=\"X-DNS-Prefetch-Control\" value=\"off\" /\u003e\n\u003cadd name=\"Cross-Origin-Opener-Policy\" value=\"same-origin\" /\u003e\n\u003cadd name=\"Cross-Origin-Embedder-Policy\" value=\"require-corp\" /\u003e\n\u003cadd name=\"Cross-Origin-Resource-Policy\" value=\"same-site\" /\u003e\n\u003cadd name=\"Referrer-Policy\" value=\"strict-origin-when-cross-origin\" /\u003e\n\u003cadd name=\"Strict-Transport-Security\" value=\"max-age=63072000; includeSubDomains; preload\" /\u003e\n\u003cadd name=\"Permissions-Policy\" value=\"geolocation=(), camera=(), microphone=()\" /\u003e\n\n\nUpdate the Web Deployment Console (WDC) and re deploy the Web Server\nWho should apply this recommendation: \n\nAll users running affected components.\n\n\n\nInstall a patched release of the Web Deployment Console (WDC) on the IIS Web server and use it to re-deploy the Web Site. Some settings might need to be updated if third-party web apps or services depend on the OAuth ROPC flow.\n\nIn a patched release of the WDC, new settings are available for each authorized Client to enable or disable:\n * The Authorization Code flow\n * The Authorization Code flow with PKCE\n * The Resource Owner Password Credentials (ROPC) flow\n\n\nBy default, all the OAuth flows are now disabled for third-party web apps and need to be manually enabled before deployment if required.\n\nTo verify that the patch is applied correctly, you must check that:\n * The File version property of the file ./bin/Modules/WebDeployment/WebDeploymentConsole.exe matches the deployed release or later, and ensure that any earlier release is no longer used;\n * Web Sites have been redeployed;\n * OAuth flow are correctly set for each authorized Client.\n\n\n\n\n\n\n\nAvailable patches:\nPatch provided in:\n * PcVue 16.3.4 (16.3.4902.3112)\n * PcVue 15.2.14 (15.2.14900.37147)"
}
],
"source": {
"advisory": "SB2026-2",
"discovery": "EXTERNAL"
},
"title": "Server configuration details in HTTP headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
"assignerShortName": "arcinfo",
"cveId": "CVE-2026-1694",
"datePublished": "2026-02-26T07:56:57.048Z",
"dateReserved": "2026-01-30T08:37:56.659Z",
"dateUpdated": "2026-03-26T08:22:30.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1539 (GCVE-0-2026-1539)
Vulnerability from cvelistv5 – Published: 2026-01-28 15:15 – Updated: 2026-03-25 14:12- CWE-201 - Insertion of Sensitive Information Into Sent Data
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-1539 | vdb-entryx_refsource_REDHAT |
| https://gitlab.gnome.org/GNOME/libsoup/-/issues/489 |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1539",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T16:09:01.060307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T16:09:13.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"packageName": "libsoup3",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Codean Labs for reporting this issue."
}
],
"datePublic": "2026-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:12:27.065Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-1539"
},
{
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/489"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-28T13:41:13.574Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-28T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libsoup: libsoup: credential leakage via http redirects",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-201: Insertion of Sensitive Information Into Sent Data"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-1539",
"datePublished": "2026-01-28T15:15:48.725Z",
"dateReserved": "2026-01-28T14:27:02.614Z",
"dateUpdated": "2026-03-25T14:12:27.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1365 (GCVE-0-2026-1365)
Vulnerability from cvelistv5 – Published: 2026-07-09 08:45 – Updated: 2026-07-09 12:35- CWE-201 - Insertion of sensitive information into sent data
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| Sayax Energy Technologies Inc. | OSOS |
Affected:
0 , ≤ 09072026
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:34:42.440841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:35:01.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "OSOS",
"vendor": "Sayax Energy Technologies Inc.",
"versions": [
{
"lessThanOrEqual": "09072026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u0130remnur YILMAZ"
}
],
"datePublic": "2026-07-09T08:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass.\u003cp\u003eThis issue affects OSOS: through 09072026.\u0026nbsp;\u003cspan\u003eNOTE: The vendor was contacted early about this disclosure but did not respond in any way.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc. OSOS allows Authentication Bypass.\n\nThis issue affects OSOS: through 09072026.\u00a0NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of sensitive information into sent data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T08:45:20.971Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0520"
}
],
"source": {
"advisory": "TR-26-0520",
"defect": [
"TR-26-0520"
],
"discovery": "UNKNOWN"
},
"title": "Information Disclosure in Sayax\u0027s OSOS",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-1365",
"datePublished": "2026-07-09T08:45:20.971Z",
"dateReserved": "2026-01-23T08:12:17.605Z",
"dateUpdated": "2026-07-09T12:35:01.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Specify which data in the software should be regarded as sensitive. Consider which types of users should have access to which types of data.
Mitigation
Ensure that any possibly sensitive data specified in the requirements is verified with designers to ensure that it is either a calculated risk or mitigated elsewhere. Any information that is not necessary to the functionality should be removed in order to lower both the overhead and the possibility of security sensitive data being sent.
Mitigation
Setup default error messages so that unexpected errors do not disclose sensitive information.
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-12: Choosing Message Identifier
This pattern of attack is defined by the selection of messages distributed via multicast or public information channels that are intended for another client by determining the parameter value assigned to that client. This attack allows the adversary to gain access to potentially privileged information, and to possibly perpetrate other attacks through the distribution means by impersonation. If the channel/message being manipulated is an input rather than output mechanism for the system, (such as a command bus), this style of attack could be used to change the adversary's identifier to more a privileged one.
CAPEC-217: Exploiting Incorrectly Configured SSL/TLS
An adversary takes advantage of incorrectly configured SSL/TLS communications that enables access to data intended to be encrypted. The adversary may also use this type of attack to inject commands or other traffic into the encrypted stream to cause compromise of either the client or server.
CAPEC-612: WiFi MAC Address Tracking
In this attack scenario, the attacker passively listens for WiFi messages and logs the associated Media Access Control (MAC) addresses. These addresses are intended to be unique to each wireless device (although they can be configured and changed by software). Once the attacker is able to associate a MAC address with a particular user or set of users (for example, when attending a public event), the attacker can then scan for that MAC address to track that user in the future.
CAPEC-613: WiFi SSID Tracking
In this attack scenario, the attacker passively listens for WiFi management frame messages containing the Service Set Identifier (SSID) for the WiFi network. These messages are frequently transmitted by WiFi access points (e.g., the retransmission device) as well as by clients that are accessing the network (e.g., the handset/mobile device). Once the attacker is able to associate an SSID with a particular user or set of users (for example, when attending a public event), the attacker can then scan for this SSID to track that user in the future.
CAPEC-618: Cellular Broadcast Message Request
In this attack scenario, the attacker uses knowledge of the target’s mobile phone number (i.e., the number associated with the SIM used in the retransmission device) to cause the cellular network to send broadcast messages to alert the mobile device. Since the network knows which cell tower the target’s mobile device is attached to, the broadcast messages are only sent in the Location Area Code (LAC) where the target is currently located. By triggering the cellular broadcast message and then listening for the presence or absence of that message, an attacker could verify that the target is in (or not in) a given location.
CAPEC-619: Signal Strength Tracking
In this attack scenario, the attacker passively monitors the signal strength of the target’s cellular RF signal or WiFi RF signal and uses the strength of the signal (with directional antennas and/or from multiple listening points at once) to identify the source location of the signal. Obtaining the signal of the target can be accomplished through multiple techniques such as through Cellular Broadcast Message Request or through the use of IMSI Tracking or WiFi MAC Address Tracking.
CAPEC-621: Analysis of Packet Timing and Sizes
An attacker may intercept and log encrypted transmissions for the purpose of analyzing metadata such as packet timing and sizes. Although the actual data may be encrypted, this metadata may reveal valuable information to an attacker. Note that this attack is applicable to VOIP data as well as application data, especially for interactive apps that require precise timing and low-latency (e.g. thin-clients).
CAPEC-622: Electromagnetic Side-Channel Attack
In this attack scenario, the attacker passively monitors electromagnetic emanations that are produced by the targeted electronic device as an unintentional side-effect of its processing. From these emanations, the attacker derives information about the data that is being processed (e.g. the attacker can recover cryptographic keys by monitoring emanations associated with cryptographic processing). This style of attack requires proximal access to the device, however attacks have been demonstrated at public conferences that work at distances of up to 10-15 feet. There have not been any significant studies to determine the maximum practical distance for such attacks. Since the attack is passive, it is nearly impossible to detect and the targeted device will continue to operate as normal after a successful attack.
CAPEC-623: Compromising Emanations Attack
Compromising Emanations (CE) are defined as unintentional signals which an attacker may intercept and analyze to disclose the information processed by the targeted equipment. Commercial mobile devices and retransmission devices have displays, buttons, microchips, and radios that emit mechanical emissions in the form of sound or vibrations. Capturing these emissions can help an adversary understand what the device is doing.