CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
CVE-2026-28389 (GCVE-0-2026-28389)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:09- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.2
(semver)
Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom) Affected: 1.0.2 , < 1.0.2zp (custom) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:20:14.953384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:20:45.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:09:01.089Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nathan Sportsman (Praetorian)"
},
{
"lang": "en",
"type": "reporter",
"value": "Daniel Rhea"
},
{
"lang": "en",
"type": "reporter",
"value": "Jaeho Nam (Seoul National University)"
},
{
"lang": "en",
"type": "reporter",
"value": "Muhammad Daffa"
},
{
"lang": "en",
"type": "reporter",
"value": "Zhanpeng Liu (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guannan Wang (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Guancheng Li (Tencent Xuanwu Lab)"
},
{
"lang": "en",
"type": "reporter",
"value": "Joshua Rogers (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Neil Horman"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\u003cbr\u003ewith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\u003cbr\u003e\u003cbr\u003eImpact summary: Applications that process attacker-controlled CMS data may\u003cbr\u003ecrash before authentication or cryptographic operations occur resulting in\u003cbr\u003eDenial of Service.\u003cbr\u003e\u003cbr\u003eWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\u003cbr\u003eprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\u003cbr\u003eis examined without checking for its presence. This results in a NULL\u003cbr\u003epointer dereference if the field is missing.\u003cbr\u003e\u003cbr\u003eApplications and services that call CMS_decrypt() on untrusted input\u003cbr\u003e(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\u003cbr\u003eissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T07:28:13.700Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28389",
"datePublished": "2026-04-07T22:00:53.364Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:09:01.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28388 (GCVE-0-2026-28388)
Vulnerability from cvelistv5 – Published: 2026-04-07 22:00 – Updated: 2026-05-12 12:08- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| OpenSSL | OpenSSL |
Affected:
3.6.0 , < 3.6.2
(semver)
Affected: 3.5.0 , < 3.5.6 (semver) Affected: 3.4.0 , < 3.4.5 (semver) Affected: 3.3.0 , < 3.3.7 (semver) Affected: 3.0.0 , < 3.0.20 (semver) Affected: 1.1.1 , < 1.1.1zg (custom) Affected: 1.0.2 , < 1.0.2zp (custom) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
|
| Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux subsystem |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-28388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T20:18:04.195701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T20:18:43.095Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:59.931Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.6.2",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "3.5.6",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"lessThan": "3.4.5",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.0.20",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zg",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zp",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Igor Morgenstern (Aisle Research)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Igor Morgenstern (Aisle Research)"
}
],
"datePublic": "2026-04-07T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\u003cbr\u003eis processed a NULL pointer dereference might happen if the required CRL\u003cbr\u003eNumber extension is missing.\u003cbr\u003e\u003cbr\u003eImpact summary: A NULL pointer dereference can trigger a crash which\u003cbr\u003eleads to a Denial of Service for an application.\u003cbr\u003e\u003cbr\u003eWhen CRL processing and delta CRL processing is enabled during X.509\u003cbr\u003ecertificate verification, the delta CRL processing does not check\u003cbr\u003ewhether the CRL Number extension is NULL before dereferencing it.\u003cbr\u003eWhen a malformed delta CRL file is being processed, this parameter\u003cbr\u003ecan be NULL, causing a NULL pointer dereference.\u003cbr\u003e\u003cbr\u003eExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\u003cbr\u003ethe verification context, the certificate being verified to contain a\u003cbr\u003efreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\u003cbr\u003ean attacker to provide a malformed CRL to an application that processes it.\u003cbr\u003e\u003cbr\u003eThe vulnerability is limited to Denial of Service and cannot be escalated to\u003cbr\u003eachieve code execution or memory disclosure. For that reason the issue was\u003cbr\u003eassessed as Low severity according to our Security Policy.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\u003cbr\u003eas the affected code is outside the OpenSSL FIPS module boundary."
}
],
"value": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T22:00:52.382Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20260407.txt"
},
{
"name": "3.6.2 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3"
},
{
"name": "3.5.6 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726"
},
{
"name": "3.4.5 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8"
},
{
"name": "3.3.7 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139"
},
{
"name": "3.0.20 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "NULL Pointer Dereference When Processing a Delta CRL",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2026-28388",
"datePublished": "2026-04-07T22:00:52.382Z",
"dateReserved": "2026-02-27T13:45:02.161Z",
"dateUpdated": "2026-05-12T12:08:59.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28224 (GCVE-0-2026-28224)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:38 – Updated: 2026-04-17 19:31- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/FirebirdSQL/firebird/security/… | x_refsource_CONFIRM |
| https://github.com/FirebirdSQL/firebird/releases/… | x_refsource_MISC |
| https://github.com/FirebirdSQL/firebird/releases/… | x_refsource_MISC |
| https://github.com/FirebirdSQL/firebird/releases/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
>= 3.0.0, < 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T19:31:35.290539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T19:31:38.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, the port_server_crypt_callback handler is not initialized, resulting in a null pointer dereference and server crash. An unauthenticated attacker who knows only the server\u0027s IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:38:58.138Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-xrcw-wpjx-pr95"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-xrcw-wpjx-pr95",
"discovery": "UNKNOWN"
},
"title": "Firebird Null Pointer Dereference via CryptCallback causes DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28224",
"datePublished": "2026-04-17T18:38:58.138Z",
"dateReserved": "2026-02-25T15:28:40.650Z",
"dateUpdated": "2026-04-17T19:31:38.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28212 (GCVE-0-2026-28212)
Vulnerability from cvelistv5 – Published: 2026-04-17 18:05 – Updated: 2026-04-20 13:46- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/FirebirdSQL/firebird/security/… | x_refsource_CONFIRM |
| https://github.com/FirebirdSQL/firebird/releases/… | x_refsource_MISC |
| https://github.com/FirebirdSQL/firebird/releases/… | x_refsource_MISC |
| https://github.com/FirebirdSQL/firebird/releases/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| FirebirdSQL | firebird |
Affected:
< 3.0.14
Affected: >= 4.0.0, < 4.0.7 Affected: >= 5.0.0, < 5.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28212",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:44:29.423772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:46:08.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "firebird",
"vendor": "FirebirdSQL",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.7"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:10:29.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-9884-9qm3-hqch"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v3.0.14"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.7"
},
{
"name": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FirebirdSQL/firebird/releases/tag/v5.0.4"
}
],
"source": {
"advisory": "GHSA-9884-9qm3-hqch",
"discovery": "UNKNOWN"
},
"title": "Firebird has potential server crash via null pointer dereference when processing op_slice packet"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28212",
"datePublished": "2026-04-17T18:05:25.854Z",
"dateReserved": "2026-02-25T15:28:40.649Z",
"dateUpdated": "2026-04-20T13:46:08.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27651 (GCVE-0-2026-27651)
Vulnerability from cvelistv5 – Published: 2026-03-24 14:13 – Updated: 2026-07-15 01:13- CWE-476 - NULL Pointer Dereference
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | NGINX Open Source |
Affected:
1.29.0 , < 1.29.7
(semver)
Affected: 0.5.15 , < 1.28.3 (semver) |
|
| F5 | NGINX Plus |
Affected:
R36 , < R36 P3
(custom)
Affected: R35 , < R35 P2 (custom) Affected: R34 , < * (custom) Affected: R33 , < * (custom) Affected: R32 , < R32 P5 (custom) |
|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
2:1.26.3-2.el10_1.1 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
|
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support |
Unaffected:
2:1.26.3-1.el10_0.8 , < *
(rpm)
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
8100020260401080144.489197e6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9070020260331134728.9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
2:1.20.1-24.el9_7.2 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
9070020260407080353.9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
1:1.20.1-10.el9_0.3 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0 |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
1:1.20.1-14.el9_2.5 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2 |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
1:1.20.1-16.el9_4.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4 |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
9040020260504195322.9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4 |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
2:1.20.1-22.el9_6.5 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6 |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
9060020260504194843.9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6 |
|
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support |
Unaffected:
9060020260504154614.9 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.6 |
|
| Red Hat | Red Hat Hardened Images |
Unaffected:
1.30.0-1.hum1 , < *
(rpm)
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1776868774 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
|
| Red Hat | Red Hat Update Infrastructure 5 |
Unaffected:
1776868842 , < *
(rpm)
cpe:/a:redhat:rhui:5::el9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T15:02:03.137056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T15:14:13.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.26.3-2.el10_1.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.26.3-1.el10_0.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "nginx:1.24",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8100020260401080144.489197e6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nginx:1.24",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9070020260331134728.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.20.1-24.el9_7.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "nginx:1.26",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9070020260407080353.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:1.20.1-10.el9_0.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:1.20.1-14.el9_2.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:1.20.1-16.el9_4.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4"
],
"defaultStatus": "affected",
"packageName": "nginx:1.24",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9040020260504195322.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6"
],
"defaultStatus": "affected",
"packageName": "nginx",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2:1.20.1-22.el9_6.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6"
],
"defaultStatus": "affected",
"packageName": "nginx:1.24",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9060020260504194843.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6"
],
"defaultStatus": "affected",
"packageName": "nginx:1.26",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "9060020260504154614.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"packageName": "nginx-main",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1.30.0-1.hum1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/cds-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868774",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:rhui:5::el9"
],
"defaultStatus": "affected",
"packageName": "rhui5/rhua-rhel9",
"product": "Red Hat Update Infrastructure 5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776868842",
"versionType": "rpm"
}
]
}
],
"datePublic": "2026-03-24T14:13:27.295Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of Service (DoS), making the affected NGINX instance unavailable to legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:13:39.490Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-27651"
},
{
"name": "RHBZ#2450791",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450791"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27651.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6906"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6907"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15942"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14836"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13839"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15943"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15945"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13680"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15966"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6923"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7002"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7343"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10065"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:13634: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:6906: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:6907: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:15942: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:14836: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:13839: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:15943: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:15945: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:13680: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:15966: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:6923: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7002: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7343: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:8346: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:10065: Red Hat Update Infrastructure 5"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-24T15:02:32.414Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-24T14:13:27.295Z",
"value": "Made public."
}
],
"title": "NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ngx_mail_auth_http_module"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.29.7",
"status": "affected",
"version": "1.29.0",
"versionType": "semver"
},
{
"lessThan": "1.28.3",
"status": "affected",
"version": "0.5.15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"ngx_mail_auth_http_module"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"lessThan": "R36 P3",
"status": "affected",
"version": "R36",
"versionType": "custom"
},
{
"lessThan": "R35 P2",
"status": "affected",
"version": "R35",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "R34",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "R33",
"versionType": "custom"
},
{
"lessThan": "R32 P5",
"status": "affected",
"version": "R32",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "F5 acknowledges Arkadi Vainbrand for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2026-03-24T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen the \u003c/span\u003e\u003cstrong\u003engx_mail_auth_http_module\u003c/strong\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header.\u003c/span\u003e Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "When the ngx_mail_auth_http_module\u00a0module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the Auth-Wait response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T14:22:35.756Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000160383"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NGINX ngx_mail_auth_http_module vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2026-27651",
"datePublished": "2026-03-24T14:13:27.295Z",
"dateReserved": "2026-03-18T16:06:38.454Z",
"dateUpdated": "2026-07-15T01:13:39.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27218 (GCVE-0-2026-27218)
Vulnerability from cvelistv5 – Published: 2026-03-10 18:47 – Updated: 2026-03-10 19:12- CWE-476 - NULL Pointer Dereference (CWE-476)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/substan… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Substance3D - Painter |
Affected:
0 , ≤ 11.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:03:29.221088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:12:06.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Painter",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:47:42.311Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Painter | NULL Pointer Dereference (CWE-476)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27218",
"datePublished": "2026-03-10T18:47:42.311Z",
"dateReserved": "2026-02-18T22:02:41.380Z",
"dateUpdated": "2026-03-10T19:12:06.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27217 (GCVE-0-2026-27217)
Vulnerability from cvelistv5 – Published: 2026-03-10 18:47 – Updated: 2026-03-10 19:12- CWE-476 - NULL Pointer Dereference (CWE-476)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/substan… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Substance3D - Painter |
Affected:
0 , ≤ 11.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:02:38.864312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:12:06.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Painter",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:47:38.493Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Painter | NULL Pointer Dereference (CWE-476)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27217",
"datePublished": "2026-03-10T18:47:38.493Z",
"dateReserved": "2026-02-18T22:02:41.379Z",
"dateUpdated": "2026-03-10T19:12:06.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27215 (GCVE-0-2026-27215)
Vulnerability from cvelistv5 – Published: 2026-03-10 18:47 – Updated: 2026-03-10 19:12- CWE-476 - NULL Pointer Dereference (CWE-476)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/substan… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Substance3D - Painter |
Affected:
0 , ≤ 11.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:02:08.440639Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:12:07.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Painter",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:47:36.166Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Painter | NULL Pointer Dereference (CWE-476)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27215",
"datePublished": "2026-03-10T18:47:36.166Z",
"dateReserved": "2026-02-18T22:02:41.379Z",
"dateUpdated": "2026-03-10T19:12:07.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27214 (GCVE-0-2026-27214)
Vulnerability from cvelistv5 – Published: 2026-03-10 18:47 – Updated: 2026-03-10 19:12- CWE-476 - NULL Pointer Dereference (CWE-476)
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/substan… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Substance3D - Painter |
Affected:
0 , ≤ 11.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T19:03:09.349196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T19:12:06.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Substance3D - Painter",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "11.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-03-10T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "NONE",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "NONE",
"modifiedIntegrityImpact": "NONE",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "UNCHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference (CWE-476)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T18:47:40.764Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Substance3D - Painter | NULL Pointer Dereference (CWE-476)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-27214",
"datePublished": "2026-03-10T18:47:40.764Z",
"dateReserved": "2026-02-18T22:02:41.379Z",
"dateUpdated": "2026-03-10T19:12:06.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26983 (GCVE-0-2026-26983)
Vulnerability from cvelistv5 – Published: 2026-02-24 02:01 – Updated: 2026-02-28 02:09- CWE-476 - NULL Pointer Dereference
| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| ImageMagick | ImageMagick |
Affected:
>= 7.0.0, < 7.1.2-15
Affected: < 6.9.13-40 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-28T02:09:37.257277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-28T02:09:53.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "ImageMagick",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.2-15"
},
{
"status": "affected",
"version": "\u003c 6.9.13-40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `\u003cmap\u003e` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T02:01:20.113Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-w8mw-frc6-r7m8"
}
],
"source": {
"advisory": "GHSA-w8mw-frc6-r7m8",
"discovery": "UNKNOWN"
},
"title": "ImageMagick: Invalid MSL \u003cmap\u003e can result in a use after free"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26983",
"datePublished": "2026-02-24T02:01:20.113Z",
"dateReserved": "2026-02-17T01:41:24.605Z",
"dateUpdated": "2026-02-28T02:09:53.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.