CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
CVE-2025-66416 (GCVE-0-2025-66416)
Vulnerability from cvelistv5 – Published: 2025-12-02 18:14 – Updated: 2025-12-02 18:45
VLAI
Title
DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost
Summary
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/modelcontextprotocol/python-sd… | x_refsource_CONFIRM |
| https://github.com/modelcontextprotocol/python-sd… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| modelcontextprotocol | python-sdk |
Affected:
< 1.23.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T18:42:19.561436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:45:53.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-sdk",
"vendor": "modelcontextprotocol",
"versions": [
{
"status": "affected",
"version": "\u003c 1.23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.23.0, tThe Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using FastMCP with streamable HTTP or SSE transport, and has not configured TransportSecuritySettings, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the user in those limited circumstances. Note that running HTTP-based MCP servers locally without authentication is not recommended per MCP security best practices. This issue does not affect servers using stdio transport. This vulnerability is fixed in 1.23.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T18:14:28.310Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-9h52-p55h-vw2f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/modelcontextprotocol/python-sdk/security/advisories/GHSA-9h52-p55h-vw2f"
},
{
"name": "https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/modelcontextprotocol/python-sdk/commit/d3a184119e4479ea6a63590bc41f01dc06e3fa99"
}
],
"source": {
"advisory": "GHSA-9h52-p55h-vw2f",
"discovery": "UNKNOWN"
},
"title": "DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66416",
"datePublished": "2025-12-02T18:14:28.310Z",
"dateReserved": "2025-11-28T23:33:56.366Z",
"dateUpdated": "2025-12-02T18:45:53.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66482 (GCVE-0-2025-66482)
Vulnerability from cvelistv5 – Published: 2025-12-15 23:18 – Updated: 2025-12-16 15:09
VLAI
Title
Misskey has a login rate limit bypass via spoofed X-Forwarded-For header
Summary
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been added in config file to prevent this from happening. However, it is initialized with an insecure default value before version 2025.12.0-alpha.2, making it still vulnerable if the configuration is not set correctly. This is patched in v2025.12.0-alpha.2 by flipping default value of `trustProxy` to `false`. Users of a trusted reverse proxy who are unsure if they manually overode this value should check their config for optimal behavior. Users are running Misskey with a trusted reverse proxy should not be affected by this vulnerability. From v2025.9.1 to v2025.11.1, workaround is available. Set `trustProxy: false` in config file.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/misskey-dev/misskey/security/a… | x_refsource_CONFIRM |
| https://github.com/misskey-dev/misskey/commit/551… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| misskey-dev | misskey |
Affected:
>= 2025.9.1, < 2025.12.0-alpha.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T14:37:27.348528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T15:09:19.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-wwrj-3hvj-prpm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "misskey",
"vendor": "misskey-dev",
"versions": [
{
"status": "affected",
"version": "\u003e= 2025.9.1, \u003c 2025.12.0-alpha.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been added in config file to prevent this from happening. However, it is initialized with an insecure default value before version 2025.12.0-alpha.2, making it still vulnerable if the configuration is not set correctly. This is patched in v2025.12.0-alpha.2 by flipping default value of `trustProxy` to `false`. Users of a trusted reverse proxy who are unsure if they manually overode this value should check their config for optimal behavior. Users are running Misskey with a trusted reverse proxy should not be affected by this vulnerability. From v2025.9.1 to v2025.11.1, workaround is available. Set `trustProxy: false` in config file."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307: Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T23:18:53.415Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-wwrj-3hvj-prpm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-wwrj-3hvj-prpm"
},
{
"name": "https://github.com/misskey-dev/misskey/commit/5512898463fa8487b9e6488912f35102b91f25f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/misskey-dev/misskey/commit/5512898463fa8487b9e6488912f35102b91f25f7"
}
],
"source": {
"advisory": "GHSA-wwrj-3hvj-prpm",
"discovery": "UNKNOWN"
},
"title": "Misskey has a login rate limit bypass via spoofed X-Forwarded-For header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66482",
"datePublished": "2025-12-15T23:18:37.295Z",
"dateReserved": "2025-12-02T17:09:52.016Z",
"dateUpdated": "2025-12-16T15:09:19.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7353 (GCVE-0-2025-7353)
Vulnerability from cvelistv5 – Published: 2025-08-14 13:23 – Updated: 2026-02-26 17:48
VLAI
Title
Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability
Summary
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Rockwell Automation | 1756-EN2T/D |
Affected:
Version 11.004 or below
|
|
| Rockwell Automation | 1756-EN2F/C |
Affected:
Version 11.004 or below
|
|
| Rockwell Automation | 1756-EN2TR/C |
Affected:
Version 11.004 or below
|
|
| Rockwell Automation | 1756-EN3TR/B |
Affected:
Version 11.004 or below
|
|
| Rockwell Automation | 1756-EN2TP/A |
Affected:
Version 11.004 or below
|
Date Public
2025-08-14 13:11
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T03:55:59.205927Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:36.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "1756-EN2T/D",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 11.004 or below"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN2F/C",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 11.004 or below"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN2TR/C",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 11.004 or below"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN3TR/B",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 11.004 or below"
}
]
},
{
"defaultStatus": "unaffected",
"product": "1756-EN2TP/A",
"vendor": "Rockwell Automation",
"versions": [
{
"status": "affected",
"version": "Version 11.004 or below"
}
]
}
],
"datePublic": "2025-08-14T13:11:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix\u00ae Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow. \u0026nbsp;\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix\u00ae Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T13:49:37.413Z",
"orgId": "b73dd486-f505-4403-b634-40b078b177f0",
"shortName": "Rockwell"
},
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1732.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e12.001 and later\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "12.001 and later"
}
],
"source": {
"advisory": "SD1732",
"discovery": "INTERNAL"
},
"title": "Rockwell Automation ControlLogix\u00ae Ethernet Remote Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0",
"assignerShortName": "Rockwell",
"cveId": "CVE-2025-7353",
"datePublished": "2025-08-14T13:23:26.940Z",
"dateReserved": "2025-07-08T12:24:08.365Z",
"dateUpdated": "2026-02-26T17:48:36.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1675 (GCVE-0-2026-1675)
Vulnerability from cvelistv5 – Published: 2026-02-07 08:26 – Updated: 2026-04-08 16:44
VLAI
Title
Advanced Country Blocker <= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key
Summary
The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| brstefanovic | Advanced Country Blocker |
Affected:
0 , ≤ 2.3.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:41:21.639323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:46:18.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Advanced Country Blocker",
"vendor": "brstefanovic",
"versions": [
{
"lessThanOrEqual": "2.3.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hector Flores"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:44:50.385Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f9-41f9-9bc5-1f533bc4cb94?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L278"
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L336"
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L420"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3455225/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-06T20:24:09.000Z",
"value": "Disclosed"
}
],
"title": "Advanced Country Blocker \u003c= 2.3.1 - Unauthenticated Authorization Bypass via Insecure Default Secret Key"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1675",
"datePublished": "2026-02-07T08:26:37.529Z",
"dateReserved": "2026-01-30T01:48:15.248Z",
"dateUpdated": "2026-04-08T16:44:50.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24148 (GCVE-0-2026-24148)
Vulnerability from cvelistv5 – Published: 2026-03-31 16:22 – Updated: 2026-04-02 03:55
VLAI
Summary
NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID.
Severity
8.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | Jetson Xavier Series and Jetson Orin Series |
Affected:
All versions prior to 35.6.4
|
|
| NVIDIA | Jetson Xavier Series and Jetson Orin Series |
Affected:
All versions prior to 36.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24148",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T03:55:59.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Jetson Linux(35)"
],
"product": "Jetson Xavier Series and Jetson Orin Series",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 35.6.4"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Jetson Linux(36)"
],
"product": "Jetson Xavier Series and Jetson Orin Series",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All versions prior to 36.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID."
}
],
"value": "NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted data, data tampering, and partial denial of service across devices sharing the same machine ID."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Data tampering, information disclosure, denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T16:22:51.128Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24148"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24148"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5797"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-24148",
"datePublished": "2026-03-31T16:22:51.128Z",
"dateReserved": "2026-01-21T19:09:27.438Z",
"dateUpdated": "2026-04-02T03:55:59.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24197 (GCVE-0-2026-24197)
Vulnerability from cvelistv5 – Published: 2026-05-26 17:19 – Updated: 2026-05-27 15:44
VLAI
Summary
NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | GeForce |
Affected:
All driver versions prior to 595.71.05
|
|
| NVIDIA | GeForce |
Affected:
All driver versions prior to 580.159.03
|
|
| NVIDIA | GeForce |
Affected:
All driver versions prior to 535.309.01
|
|
| NVIDIA | NVIDIA RTX, Quadro, NVS |
Affected:
All driver versions prior to 595.71.05
|
|
| NVIDIA | NVIDIA RTX, Quadro, NVS |
Affected:
All driver versions prior to 580.159.03
|
|
| NVIDIA | NVIDIA RTX, Quadro, NVS |
Affected:
All driver versions prior to 535.309.01
|
|
| NVIDIA | Tesla |
Affected:
All driver versions prior to 595.71.05
|
|
| NVIDIA | Tesla |
Affected:
All driver versions prior to 580.159.03
|
|
| NVIDIA | Tesla |
Affected:
All driver versions prior to 535.309.01
|
|
| NVIDIA | Virtual GPU Manager |
Affected:
595.58.02(All versions prior to and including vGPU 20.0)
|
|
| NVIDIA | Virtual GPU Manager |
Affected:
580.126.08(All versions prior to and including vGPU 19.4)
|
|
| NVIDIA | Virtual GPU Manager |
Affected:
595.94(All versions prior to and including vGPU 20.0)
|
|
| NVIDIA | Virtual GPU Manager |
Affected:
582.16(All versions prior to and including vGPU 19.4)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T18:53:48.535083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T18:54:00.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R595)"
],
"product": "GeForce",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 595.71.05"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R580)"
],
"product": "GeForce",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 580.159.03"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R535)"
],
"product": "GeForce",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 535.309.01"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R595)"
],
"product": "NVIDIA RTX, Quadro, NVS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 595.71.05"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R580)"
],
"product": "NVIDIA RTX, Quadro, NVS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 580.159.03"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R535)"
],
"product": "NVIDIA RTX, Quadro, NVS",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 535.309.01"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R595)"
],
"product": "Tesla",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 595.71.05"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R580)"
],
"product": "Tesla",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 580.159.03"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux(R535)"
],
"product": "Tesla",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "All driver versions prior to 535.309.01"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"XenServer",
"VMware vSphere",
"Red Hat Enterprise Linux KVM",
"Ubuntu(R595 vGPU 20)"
],
"product": "Virtual GPU Manager",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "595.58.02(All versions prior to and including vGPU 20.0)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"XenServer",
"VMware vSphere",
"Red Hat Enterprise Linux KVM",
"Ubuntu(R580 vGPU 19)"
],
"product": "Virtual GPU Manager",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "580.126.08(All versions prior to and including vGPU 19.4)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Azure Local",
"Windows Server(R595 vGPU 20)"
],
"product": "Virtual GPU Manager",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "595.94(All versions prior to and including vGPU 20.0)"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Azure Local",
"Windows Server(R580 vGPU 19)"
],
"product": "Virtual GPU Manager",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "582.16(All versions prior to and including vGPU 19.4)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": true,
"type": "text/html",
"value": "NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service."
}
],
"value": "NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T15:44:16.401Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24197"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24197"
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "NVIDIA PSIRT"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-24197",
"datePublished": "2026-05-26T17:19:40.408Z",
"dateReserved": "2026-01-21T19:09:34.079Z",
"dateUpdated": "2026-05-27T15:44:16.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25499 (GCVE-0-2026-25499)
Vulnerability from cvelistv5 – Published: 2026-02-04 20:31 – Updated: 2026-02-05 21:05
VLAI
Title
terraform-provider-proxmox has insecure sudo recommendation in the documentation
Summary
Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/bpg/terraform-provider-proxmox… | x_refsource_CONFIRM |
| https://github.com/bpg/terraform-provider-proxmox… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bpg | terraform-provider-proxmox |
Affected:
< 0.93.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25499",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T21:05:26.324039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T21:05:30.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "terraform-provider-proxmox",
"vendor": "bpg",
"versions": [
{
"status": "affected",
"version": "\u003c 0.93.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in escaping the folder using ../, allowing any files on the system to be edited. This issue has been patched in version 0.93.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:31:17.316Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bpg/terraform-provider-proxmox/security/advisories/GHSA-gwch-7m8v-7544"
},
{
"name": "https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bpg/terraform-provider-proxmox/commit/bd604c41a31e2a55dd6acc01b0608be3ea49c023"
}
],
"source": {
"advisory": "GHSA-gwch-7m8v-7544",
"discovery": "UNKNOWN"
},
"title": "terraform-provider-proxmox has insecure sudo recommendation in the documentation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25499",
"datePublished": "2026-02-04T20:31:17.316Z",
"dateReserved": "2026-02-02T18:21:42.485Z",
"dateUpdated": "2026-02-05T21:05:30.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25894 (GCVE-0-2026-25894)
Vulnerability from cvelistv5 – Published: 2026-02-09 22:28 – Updated: 2026-02-11 21:25
VLAI
Title
FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration
Summary
FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/frangoteam/FUXA/security/advis… | x_refsource_CONFIRM |
| https://github.com/frangoteam/FUXA/commit/ea7b3df… | x_refsource_MISC |
| https://github.com/frangoteam/FUXA/releases/tag/v1.2.10 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| frangoteam | FUXA |
Affected:
< 1.2.10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:25:11.880678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:25:17.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FUXA",
"vendor": "frangoteam",
"versions": [
{
"status": "affected",
"version": "\u003c 1.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on the server. This affects FUXA through version 1.2.9 when authentication is enabled, but the administrator JWT secret is not configured. This issue has been patched in FUXA version 1.2.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T22:28:46.316Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/frangoteam/FUXA/security/advisories/GHSA-32cc-x95p-fxcg"
},
{
"name": "https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/frangoteam/FUXA/commit/ea7b3df066f9fdef8ecdce318398ae40546bc50d"
},
{
"name": "https://github.com/frangoteam/FUXA/releases/tag/v1.2.10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/frangoteam/FUXA/releases/tag/v1.2.10"
}
],
"source": {
"advisory": "GHSA-32cc-x95p-fxcg",
"discovery": "UNKNOWN"
},
"title": "FUXA Unauthenticated Remote Code Execution via Hardcoded JWT Secret in Default Configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25894",
"datePublished": "2026-02-09T22:28:46.316Z",
"dateReserved": "2026-02-06T21:08:39.130Z",
"dateUpdated": "2026-02-11T21:25:17.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26122 (GCVE-0-2026-26122)
Vulnerability from cvelistv5 – Published: 2026-03-05 22:18 – Updated: 2026-04-14 16:36 Exclusively Hosted Service
VLAI
Title
Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Summary
Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft ACI Confidential Containers |
Affected:
-
|
Date Public
2026-03-05 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:26:58.642440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T20:27:09.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft ACI Confidential Containers",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:microsoft_aci_confidential_containers:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-05T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:36:21.875Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ACI Confidential Containers Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26122"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Microsoft ACI Confidential Containers Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26122",
"datePublished": "2026-03-05T22:18:22.492Z",
"dateReserved": "2026-02-11T15:52:13.911Z",
"dateUpdated": "2026-04-14T16:36:21.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2617 (GCVE-0-2026-2617)
Vulnerability from cvelistv5 – Published: 2026-02-17 15:32 – Updated: 2026-02-23 10:13
VLAI
Title
Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource
Summary
A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.346267 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346267 | signaturepermissions-required |
| https://vuldb.com/?submit.751436 | third-party-advisory |
| https://vuldb.com/?submit.751568 | third-party-advisory |
| https://gist.github.com/raghav20232023/39e3d88d1b… | related |
| https://gist.github.com/raghav20232023/39e3d88d1b… | exploit |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2617",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T15:45:30.572454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T15:46:49.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Telnet Service/SSH Service"
],
"product": "777VR1",
"vendor": "Beetel",
"versions": [
{
"status": "affected",
"version": "01.00.09"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "raghav_2026 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization of resource. The attack can only be performed from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:13:48.851Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346267 | Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346267"
},
{
"name": "VDB-346267 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346267"
},
{
"name": "Submit #751436 | Beetel 777VR1 Firmware Versions: V01.00.09 / V01.00.09_55 Unauthorized Telnet Service Activation - CWE-1188",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.751436"
},
{
"name": "Submit #751568 | Beetel 777VR1 Firmware Versions: V01.00.09 / V01.00.09_55 Unauthorized SSH Service Activation - CWE-284 (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.751568"
},
{
"tags": [
"related"
],
"url": "https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/raghav20232023/39e3d88d1bc2bcef89bb0f3b5fbb73e0#proofsteps-to-reproduce"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-17T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-21T13:48:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Beetel 777VR1 Telnet Service/SSH Service insecure default initialization of resource"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2617",
"datePublished": "2026-02-17T15:32:06.089Z",
"dateReserved": "2026-02-17T07:00:47.891Z",
"dateUpdated": "2026-02-23T10:13:48.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.