Common Weakness Enumeration

CWE-653

Allowed

Improper Isolation or Compartmentalization

Abstraction: Class · Status: Draft

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

101 vulnerabilities reference this CWE, most recent first.

CVE-2026-42782 (GCVE-0-2026-42782)

Vulnerability from cvelistv5 – Published: 2026-05-25 14:58 – Updated: 2026-05-27 20:31
VLAI
Title
Apache Syncope: Post-auth RCE via Groovy static
Summary
Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer. This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0. Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Syncope Affected: 3.0 , ≤ 3.0.16 (semver)
Affected: 4.0 , ≤ 4.0.5 (semver)
Affected: 4.1 , ≤ 4.1.0 (semver)
Create a notification for this product.
Credits
Trung Nguyen, CyStack
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-25T20:30:24.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/25/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-42782",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-27T20:31:28.625194Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T20:31:30.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.syncope.core:syncope-core-spring",
          "product": "Apache Syncope",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "3.0.16",
              "status": "affected",
              "version": "3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.0.5",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.1.0",
              "status": "affected",
              "version": "4.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Trung Nguyen, CyStack"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Isolation or Compartmentalization vulnerability in Apache Syncope.\u003c/p\u003e\u003cp\u003eAn administrator with adequate entitlements for Implementations can create a malicious Groovy class containing\u0026nbsp;untrusted code reaching a non-sandboxed execution path via the class static initializer.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox.\u003c/p\u003e"
            }
          ],
          "value": "Improper Isolation or Compartmentalization vulnerability in Apache Syncope.\n\nAn administrator with adequate entitlements for Implementations can create a malicious Groovy class containing\u00a0untrusted code reaching a non-sandboxed execution path via the class static initializer.\n\nThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\n\n\n\nUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-25T14:58:59.152Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/b869ms0ofrd129f7tgsn9flxgv9ztg2r"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Syncope: Post-auth RCE via Groovy static",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-42782",
    "datePublished": "2026-05-25T14:58:59.152Z",
    "dateReserved": "2026-04-29T14:11:03.486Z",
    "dateUpdated": "2026-05-27T20:31:30.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41174 (GCVE-0-2026-41174)

Vulnerability from cvelistv5 – Published: 2026-04-30 20:20 – Updated: 2026-05-04 13:26
VLAI
Title
Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Summary
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same restriction to middleware references nested inside a Chain middleware's spec.chain.middlewares[]. An actor with permission to create or update Traefik CRDs in their own namespace can exploit this to cause Traefik to resolve and apply middleware objects from another namespace, bypassing the documented isolation boundary. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
traefik traefik Affected: < 2.11.43
Affected: >= 3.7.0-ea.1, < 3.7.0-rc.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41174",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T13:25:25.541487Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T13:26:08.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "traefik",
          "vendor": "traefik",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.11.43"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.7.0-ea.1, \u003c 3.7.0-rc.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik\u0027s Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same restriction to middleware references nested inside a Chain middleware\u0027s spec.chain.middlewares[]. An actor with permission to create or update Traefik CRDs in their own namespace can exploit this to cause Traefik to resolve and apply middleware objects from another namespace, bypassing the documented isolation boundary. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T20:20:29.679Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/traefik/traefik/security/advisories/GHSA-xhjw-95fp-8vgq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/traefik/traefik/security/advisories/GHSA-xhjw-95fp-8vgq"
        },
        {
          "name": "https://github.com/traefik/traefik/commit/df00d82fc7f12e07199551832b54de6d0e55414d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/commit/df00d82fc7f12e07199551832b54de6d0e55414d"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v2.11.43",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v2.11.43"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v3.6.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v3.6.14"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2"
        }
      ],
      "source": {
        "advisory": "GHSA-xhjw-95fp-8vgq",
        "discovery": "UNKNOWN"
      },
      "title": "Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-41174",
    "datePublished": "2026-04-30T20:20:29.679Z",
    "dateReserved": "2026-04-17T16:34:45.526Z",
    "dateUpdated": "2026-05-04T13:26:08.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41155 (GCVE-0-2026-41155)

Vulnerability from cvelistv5 – Published: 2026-06-12 21:48 – Updated: 2026-06-15 19:27
VLAI
Title
GPU DDK - SharedSecMem mapped into all GPU virtual address spaces
Summary
An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery. Sharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
Impacted products
Vendor Product Version
Imagination Technologies Graphics DDK Affected: 1.18 RTM (custom)
Affected: 23.2 RTM (custom)
Affected: 24.2 RTM (custom)
Affected: 25.1 RTM , ≤ 25.3 RTM (custom)
Affected: 26.1 RTM (custom)
Unaffected: 26.2 RTM (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-41155",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T18:49:41.429587Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T19:27:04.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Linux",
            "Android"
          ],
          "product": "Graphics DDK",
          "vendor": "Imagination Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "1.18 RTM",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "23.2 RTM",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "24.2 RTM",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "25.3 RTM",
              "status": "affected",
              "version": "25.1 RTM",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "26.1 RTM",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "26.2 RTM",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery.\n\u003cbr\u003e\n\u003cbr\u003eSharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users."
            }
          ],
          "value": "An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recovery.\n\n\n\nSharing secure memory allocations among various GPU secure processes allows an attacker to corrupt shared resource affecting other users."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-124",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-124: Shared Resource Manipulation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T21:48:56.570Z",
        "orgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
        "shortName": "imaginationtech"
      },
      "references": [
        {
          "url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "GPU DDK - SharedSecMem mapped into all GPU virtual address spaces",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
    "assignerShortName": "imaginationtech",
    "cveId": "CVE-2026-41155",
    "datePublished": "2026-06-12T21:48:56.570Z",
    "dateReserved": "2026-04-17T16:26:03.731Z",
    "dateUpdated": "2026-06-15T19:27:04.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40968 (GCVE-0-2026-40968)

Vulnerability from cvelistv5 – Published: 2026-04-28 13:42 – Updated: 2026-04-28 14:36
VLAI
Title
Spring gRPC SecurityContext leaks across requests on authorization failure
Summary
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
Spring Spring gRPC Affected: 1.0.0 , < 1.0.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T14:36:11.607363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T14:36:35.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring gRPC",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "1.0.3",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.\u003cbr\u003e\u003cbr\u003eAffected versions:\u003cbr\u003eSpring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected."
            }
          ],
          "value": "When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.\n\nAffected versions:\nSpring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "A subsequent request on the same gRPC worker thread may inherit a prior user\u2019s authenticated identity after an authorization failure, enabling privilege escalation (CVSS v3.1: low confidentiality and integrity impact)."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T13:42:35.525Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40968"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Spring gRPC SecurityContext leaks across requests on authorization failure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40968",
    "datePublished": "2026-04-28T13:42:35.525Z",
    "dateReserved": "2026-04-16T02:18:56.133Z",
    "dateUpdated": "2026-04-28T14:36:35.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34775 (GCVE-0-2026-34775)

Vulnerability from cvelistv5 – Published: 2026-04-03 23:55 – Updated: 2026-04-08 03:55
VLAI
Title
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
electron electron Affected: < 38.8.6
Affected: >= 39.0.0-alpha.1, < 39.8.4
Affected: >= 40.0.0-alpha.1, < 40.8.4
Affected: >= 41.0.0-alpha.1, < 41.0.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T03:55:39.764Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "electron",
          "vendor": "electron",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 38.8.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 39.0.0-alpha.1, \u003c 39.8.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 40.0.0-alpha.1, \u003c 40.8.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 41.0.0-alpha.1, \u003c 41.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653: Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-03T23:55:20.950Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr"
        }
      ],
      "source": {
        "advisory": "GHSA-xwr5-m59h-vwqr",
        "discovery": "UNKNOWN"
      },
      "title": "Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-34775",
    "datePublished": "2026-04-03T23:55:20.950Z",
    "dateReserved": "2026-03-30T19:54:55.555Z",
    "dateUpdated": "2026-04-08T03:55:39.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25905 (GCVE-0-2026-25905)

Vulnerability from cvelistv5 – Published: 2026-02-09 09:01 – Updated: 2026-02-09 12:55
VLAI
Title
Lack of isolation in mcp-run-python leads to MCP server takeover
Summary
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
Vendor Product Version
Affected: 0 (python)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25905",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T12:55:11.621045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T12:55:24.415Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org/project/pip",
          "packageName": "mcp-run-python",
          "versions": [
            {
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Python code being run by \u0027runPython\u0027 or \u0027runPythonAsync\u0027 is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the \"mcp-run-python\" project is archived and unlikely to receive a fix.\u003c/p\u003e"
            }
          ],
          "value": "The Python code being run by \u0027runPython\u0027 or \u0027runPythonAsync\u0027 is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the \"mcp-run-python\" project is archived and unlikely to receive a fix."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T09:01:16.728Z",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Lack of isolation in mcp-run-python leads to MCP server takeover"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2026-25905",
    "datePublished": "2026-02-09T09:01:16.728Z",
    "dateReserved": "2026-02-08T11:19:42.865Z",
    "dateUpdated": "2026-02-09T12:55:24.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-15738 (GCVE-0-2026-15738)

Vulnerability from cvelistv5 – Published: 2026-07-14 20:19 – Updated: 2026-07-14 20:19
VLAI
Title
Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller
Summary
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this issue, users should upgrade to version 3.4.2.
CWE
  • CWE-653 - Improper isolation or compartmentalization
Assigner
Impacted products
Vendor Product Version
Amazon aws-load-balancer-controller Affected: 0 , < 3.4.2 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "aws-load-balancer-controller",
          "vendor": "Amazon",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:amazon:aws-load-balancer-controller:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.4.2",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIncorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace\u0027s gRPC traffic on a shared Gateway via a crafted HTTPRoute resource.\u003c/p\u003e\u003cp\u003eTo mitigate this issue, users should upgrade to version 3.4.2.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace\u0027s gRPC traffic on a shared Gateway via a crafted HTTPRoute resource.\n\n\n\nTo mitigate this issue, users should upgrade to version 3.4.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-154",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-154 Resource Location Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper isolation or compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T20:19:23.721Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/kubernetes-sigs/aws-load-balancer-controller/releases/tag/v3.4.2"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/2026-055-aws/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2026-15738",
    "datePublished": "2026-07-14T20:19:23.721Z",
    "dateReserved": "2026-07-14T14:02:30.277Z",
    "dateUpdated": "2026-07-14T20:19:23.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5600 (GCVE-0-2026-5600)

Vulnerability from cvelistv5 – Published: 2026-04-08 12:24 – Updated: 2026-04-08 16:03
VLAI
Summary
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those they should not have access to. These records contain information on the time and result of every ticket scan as well as the ID of the matched ticket. Example: { "id": 123, "successful": true, "error_reason": null, "error_explanation": null, "position": 321, "datetime": "2020-08-23T09:00:00+02:00", "list": 456, "created": "2020-08-23T09:00:00+02:00", "auto_checked_in": false, "gate": null, "device": 1, "device_id": 1, "type": "entry" } An unauthorized user usually has no way to match these IDs (position) back to individual people.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper isolation or compartmentalization
Assigner
Impacted products
Vendor Product Version
pretix pretix Affected: 2025.10.0 , < 2026.1.2 (python)
Affected: 2026.2.0 , < 2026.2.1 (python)
Affected: 2026.3.0 , < 2026.3.1 (python)
Create a notification for this product.
Credits
Pratik Karan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T16:02:54.453740Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T16:03:07.473Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "pretix",
          "product": "pretix",
          "vendor": "pretix",
          "versions": [
            {
              "lessThan": "2026.1.2",
              "status": "affected",
              "version": "2025.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "2026.2.1",
              "status": "affected",
              "version": "2026.2.0",
              "versionType": "python"
            },
            {
              "lessThan": "2026.3.1",
              "status": "affected",
              "version": "2026.3.0",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pratik Karan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA new API endpoint introduced in pretix 2025 that is supposed to \nreturn all check-in events of a specific event in fact returns all \ncheck-in events belonging to the respective organizer. This allows an \nAPI consumer to access information for all other events under the same \norganizer, even those they should not have access to.\u003c/p\u003e\n\u003cp\u003eThese records contain information on the time and result of every ticket scan as well as the ID of the matched ticket. Example:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003e{\n  \"id\": 123,\n  \"successful\": true,\n  \"error_reason\": null,\n  \"error_explanation\": null,\n  \"position\": 321,\n  \"datetime\": \"2020-08-23T09:00:00+02:00\",\n  \"list\": 456,\n  \"created\": \"2020-08-23T09:00:00+02:00\",\n  \"auto_checked_in\": false,\n  \"gate\": null,\n  \"device\": 1,\n  \"device_id\": 1,\n  \"type\": \"entry\"\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAn unauthorized user usually has no way to match these IDs (\u003ccode\u003eposition\u003c/code\u003e) back to individual people.\u003c/p\u003e"
            }
          ],
          "value": "A new API endpoint introduced in pretix 2025 that is supposed to \nreturn all check-in events of a specific event in fact returns all \ncheck-in events belonging to the respective organizer. This allows an \nAPI consumer to access information for all other events under the same \norganizer, even those they should not have access to.\n\n\nThese records contain information on the time and result of every ticket scan as well as the ID of the matched ticket. Example:\n\n\n{\n  \"id\": 123,\n  \"successful\": true,\n  \"error_reason\": null,\n  \"error_explanation\": null,\n  \"position\": 321,\n  \"datetime\": \"2020-08-23T09:00:00+02:00\",\n  \"list\": 456,\n  \"created\": \"2020-08-23T09:00:00+02:00\",\n  \"auto_checked_in\": false,\n  \"gate\": null,\n  \"device\": 1,\n  \"device_id\": 1,\n  \"type\": \"entry\"\n}\n\n\n\nAn unauthorized user usually has no way to match these IDs (position) back to individual people."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "auth"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper isolation or compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T12:24:51.602Z",
        "orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
        "shortName": "rami.io"
      },
      "references": [
        {
          "url": "https://pretix.eu/about/en/blog/20260408-release-2026-3-1/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
    "assignerShortName": "rami.io",
    "cveId": "CVE-2026-5600",
    "datePublished": "2026-04-08T12:24:51.602Z",
    "dateReserved": "2026-04-05T12:25:54.058Z",
    "dateUpdated": "2026-04-08T16:03:07.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5599 (GCVE-0-2026-5599)

Vulnerability from cvelistv5 – Published: 2026-04-05 12:36 – Updated: 2026-04-06 14:33
VLAI
Title
API allows deletion of users of other instance
Summary
A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper isolation or compartmentalization
Assigner
Impacted products
Vendor Product Version
pretix Venueless Affected: 0.0.0 , < 02b9cbe5 (custom)
Create a notification for this product.
Credits
Pratik Karan
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-06T14:32:27.722668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-06T14:33:34.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Venueless",
          "repo": "https://github.com/venueless/venueless",
          "vendor": "pretix",
          "versions": [
            {
              "lessThan": "02b9cbe5",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pratik Karan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A user with API access and \"manage users\" permission in any venueless \nworld is able to trigger deletion of user accounts in other worlds."
            }
          ],
          "value": "A user with API access and \"manage users\" permission in any venueless \nworld is able to trigger deletion of user accounts in other worlds."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "CWE-653 Improper isolation or compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-05T12:36:27.278Z",
        "orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
        "shortName": "rami.io"
      },
      "references": [
        {
          "url": "https://github.com/venueless/venueless/security/advisories/GHSA-gwjc-33fv-2gh4"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "API allows deletion of users of other instance",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
    "assignerShortName": "rami.io",
    "cveId": "CVE-2026-5599",
    "datePublished": "2026-04-05T12:36:27.278Z",
    "dateReserved": "2026-04-05T12:25:52.821Z",
    "dateUpdated": "2026-04-06T14:33:34.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4325 (GCVE-0-2026-4325)

Vulnerability from cvelistv5 – Published: 2026-04-02 12:44 – Updated: 2026-04-07 11:27
VLAI
Title
Keycloak: keycloak: replay of action tokens via improper handling of single-use entries
Summary
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2026:6475 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6476 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6477 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6478 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-4325 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2448351 issue-trackingx_refsource_REDHAT
Impacted products
Vendor Product Version
Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2.15-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.2 Unaffected: 26.2-18 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.2::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.2.15     cpe:/a:redhat:build_keycloak:26.2::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4.11-1 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4 Unaffected: 26.4-14 , < * (rpm)
    cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Red Hat Red Hat build of Keycloak 26.4.11     cpe:/a:redhat:build_keycloak:26.4::el9
Create a notification for this product.
Date Public
2026-04-02 12:30
Credits
Red Hat would like to thank chungkn (OneMount Group) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4325",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T13:17:04.550488Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T13:17:48.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.15-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2.15",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4.11-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.4",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.4-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.4::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.4.11",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank chungkn (OneMount Group) for reporting this issue."
        }
      ],
      "datePublic": "2026-04-02T12:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-653",
              "description": "Improper Isolation or Compartmentalization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T11:27:36.605Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:6475",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6475"
        },
        {
          "name": "RHSA-2026:6476",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6476"
        },
        {
          "name": "RHSA-2026:6477",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6477"
        },
        {
          "name": "RHSA-2026:6478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:6478"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4325"
        },
        {
          "name": "RHBZ#2448351",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448351"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-17T12:43:09.194Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-02T12:30:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: keycloak: replay of action tokens via improper handling of single-use entries",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-653: Improper Isolation or Compartmentalization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4325",
    "datePublished": "2026-04-02T12:44:52.997Z",
    "dateReserved": "2026-03-17T12:43:33.403Z",
    "dateUpdated": "2026-04-07T11:27:36.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design

Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.

No CAPEC attack patterns related to this CWE.