CWE-1286
Improper Validation of Syntactic Correctness of Input
The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
CVE-2025-8873 (GCVE-0-2025-8873)
Vulnerability from cvelistv5 – Published: 2026-06-04 23:04 – Updated: 2026-06-05 18:31
VLAI
Title
Arista EOS Dataplane Denial of Service via Malformed IPsec Packet
Summary
On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.arista.com/en/support/advisories-noti… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Arista Networks | EOS |
Affected:
4.33.0M , ≤ 4.33.4M
(custom)
Affected: 4.32.0M , ≤ 4.32.6.1M (custom) Affected: 4.31.0M , ≤ 4.31.7.1M (custom) Affected: 4.30.0M , ≤ 4.30.10M (custom) Affected: 4.29.0M , ≤ 4.29.10.1M (custom) |
Date Public
2026-06-04 22:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-05T18:31:22.291972Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T18:31:35.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"7020SRG Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.6.1M",
"status": "affected",
"version": "4.32.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.7.1M",
"status": "affected",
"version": "4.31.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.30.10M",
"status": "affected",
"version": "4.30.0M",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.29.10.1M",
"status": "affected",
"version": "4.29.0M",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-8873, the following condition must be met: IPsec must be configured:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eswitch\u0026gt;show ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel Source Dest Status Uptime Input Output Rekey Time\nTunnel8 10.0.0.1 10.0.0.2 Established 1 minute 0 bytes 0 bytes 54 minutes 30 pkts 30 pkts.\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eIf IPsec is not configured there is no exposure to this issue and the message will look like:\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003eswitch\u0026gt;show ip security connection\nLegend: (P) policy based VPN tunnel.\u003c/code\u003e\u003c/pre\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8873, the following condition must be met: IPsec must be configured:\n\n\n\n\nswitch\u003eshow ip security connection\nLegend: (P) policy based VPN tunnel\nTunnel Source Dest Status Uptime Input Output Rekey Time\nTunnel8 10.0.0.1 10.0.0.2 Established 1 minute 0 bytes 0 bytes 54 minutes 30 pkts 30 pkts.\n\n\n\n\nIf IPsec is not configured there is no exposure to this issue and the message will look like:\n\n\n\n\nswitch\u003eshow ip security connection\nLegend: (P) policy based VPN tunnel."
}
],
"datePublic": "2026-06-04T22:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.\u003c/p\u003e"
}
],
"value": "On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer."
}
],
"impacts": [
{
"capecId": "CAPEC-125",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-125 Flooding"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T23:04:56.535Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22869-security-advisory-0127"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see\u0026nbsp;\u003ca href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-8873 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.7M and later releases in the 4.32.x train\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAfter upgrading to a remediated version of software, the system TCAM profile must be changed to ipsec-egress-padding-removal:\u0026nbsp;\u003ca href=\"https://www.arista.com/en/support/toi/tcam-profile?pn=ipsec-egress-padding-removal\" target=\"_blank\" rel=\"noopener noreferrer\"\u003ehttps://www.arista.com/en/support/toi/tcam-profile?pn=ipsec-egress-padding-removal\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eThis may momentarily impact traffic. Apply the configuration found at the url to create a TCAM profile and then apply the TCAM profile as shown below.\u003c/p\u003e\u003cpre\u003eswitch(config)#hardware tcam\nswitch(config-tcam)#system profile ipsec-egress-padding-removal\n!\nWARNING!\nChanging TCAM profile will cause forwarding agent(s) to exit and restart.\nAll traffic through the forwarding chip managed by the restarting\nforwarding agent will be dropped.\n \nProceed [y/n]y\nswitch(config-tcam)#\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eTo ensure the TCAM profile has been applied, run the following command and verify the Configuration and Status values match\u0026nbsp;\u003cb\u003eipsec-egress-padding-removal\u003c/b\u003e:\u003c/p\u003e\u003cpre\u003eswitch(config-tcam)#show hardware tcam profile\n\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;\u0026nbsp;Configuration\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Status\nFixedSystem\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; ipsec-egress-padding-removal \nipsec-egress-padding-removal\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003e\u2018\u003cb\u003eipsec-egress-padding-removal\u003c/b\u003e\u2019 differs from the \u2018\u003cb\u003eipsec\u003c/b\u003e\u2019 TCAM profile in two ways:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEgress IP ACLs are disabled\u003c/li\u003e\u003cli\u003eFixes for BUG603398 and BUG1246592 are applied\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see\u00a0 https://www.arista.com/en/support/toi/tcam-profile?pn=ipsec-egress-padding-removal .\n\n\n\nThis may momentarily impact traffic. Apply the configuration found at the url to create a TCAM profile and then apply the TCAM profile as shown below.\n\n\n\nswitch(config)#hardware tcam\nswitch(config-tcam)#system profile ipsec-egress-padding-removal\n!\nWARNING!\nChanging TCAM profile will cause forwarding agent(s) to exit and restart.\nAll traffic through the forwarding chip managed by the restarting\nforwarding agent will be dropped.\n \nProceed [y/n]y\nswitch(config-tcam)#\n\n\n\u00a0\n\n\n\nTo ensure the TCAM profile has been applied, run the following command and verify the Configuration and Status values match\u00a0ipsec-egress-padding-removal:\n\n\n\nswitch(config-tcam)#show hardware tcam profile\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Configuration\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Status\nFixedSystem\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ipsec-egress-padding-removal \nipsec-egress-padding-removal\n\n\n\u00a0\n\n\n\n\u2018ipsec-egress-padding-removal\u2019 differs from the \u2018ipsec\u2019 TCAM profile in two ways:\n\n * Egress IP ACLs are disabled\n * Fixes for BUG603398 and BUG1246592 are applied"
}
],
"source": {
"advisory": "127",
"defect": [
"BUG 1246592"
],
"discovery": "EXTERNAL"
},
"title": "Arista EOS Dataplane Denial of Service via Malformed IPsec Packet",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no mitigations for this vulnerability.\u003c/p\u003e"
}
],
"value": "There are no mitigations for this vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8873",
"datePublished": "2026-06-04T23:04:56.535Z",
"dateReserved": "2025-08-11T18:28:43.460Z",
"dateUpdated": "2026-06-05T18:31:35.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0663 (GCVE-0-2026-0663)
Vulnerability from cvelistv5 – Published: 2026-01-21 10:29 – Updated: 2026-02-23 10:39
VLAI
Title
Denial of Service condition in M-Files Server
Summary
Denial-of-service vulnerability in M-Files Server versions before 26.1.15632.3 allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://product.m-files.com/security-advisories/c… | vendor-advisory |
| https://empower.m-files.com/security-advisories/C… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| M-Files Corporation | M-Files Server |
Affected:
0 , < 26.1.15632.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T14:26:36.756911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:27:18.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "M-Files Server",
"vendor": "M-Files Corporation",
"versions": [
{
"lessThan": "26.1.15632.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial-of-service vulnerability in M-Files Server versions before\u0026nbsp;26.1.15632.3\u0026nbsp;allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint."
}
],
"value": "Denial-of-service vulnerability in M-Files Server versions before\u00a026.1.15632.3\u00a0allows an authenticated attacker with vault administrator privileges to crash the M-Files Server process by calling a vulnerable API endpoint."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:39:26.170Z",
"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"shortName": "M-Files Corporation"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://product.m-files.com/security-advisories/cve-2026-0663/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://empower.m-files.com/security-advisories/CVE-2026-0663"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update M-Files Server to unaffected version."
}
],
"value": "Update M-Files Server to unaffected version."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial of Service condition in M-Files Server",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"assignerShortName": "M-Files Corporation",
"cveId": "CVE-2026-0663",
"datePublished": "2026-01-21T10:29:57.786Z",
"dateReserved": "2026-01-07T09:47:06.520Z",
"dateUpdated": "2026-02-23T10:39:26.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0983 (GCVE-0-2026-0983)
Vulnerability from cvelistv5 – Published: 2026-05-18 11:05 – Updated: 2026-05-18 12:40
VLAI
Title
Denial of service vulnerability in M-Files Server
Summary
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper validation of syntactic correctness of input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://empower.m-files.com/security-advisories/C… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| M-Files Corporation | M-Files Server |
Affected:
0 , < 26.5.16015.0
(custom)
Affected: LTS 25.8.15085.13 , < LTS 25.8.15085.24 (custom) Affected: LTS 26.2.15718.8 , < LTS 26.2.15718.10 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-18T12:40:10.820876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T12:40:39.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "M-Files Server",
"vendor": "M-Files Corporation",
"versions": [
{
"lessThan": "26.5.16015.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "LTS 25.8.15085.24",
"status": "affected",
"version": "LTS 25.8.15085.13",
"versionType": "custom"
},
{
"lessThan": "LTS 26.2.15718.10",
"status": "affected",
"version": "LTS 26.2.15718.8",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:m-files_corporation:m-files_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "26.5.16015.0",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:m-files_corporation:m-files_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "lts_25.8.15085.24",
"versionStartIncluding": "lts_25.8.15085.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:m-files_corporation:m-files_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "lts_26.2.15718.10",
"versionStartIncluding": "lts_26.2.15718.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash"
}
],
"value": "Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper validation of syntactic correctness of input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-18T11:05:29.691Z",
"orgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"shortName": "M-Files Corporation"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://empower.m-files.com/security-advisories/CVE-2026-0983"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Denial of service vulnerability in M-Files Server",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "bcf7a16e-bfdc-46e4-9e42-4187da3f4410",
"assignerShortName": "M-Files Corporation",
"cveId": "CVE-2026-0983",
"datePublished": "2026-05-18T11:05:29.691Z",
"dateReserved": "2026-01-15T10:18:50.486Z",
"dateUpdated": "2026-05-18T12:40:39.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10099 (GCVE-0-2026-10099)
Vulnerability from cvelistv5 – Published: 2026-05-29 15:58 – Updated: 2026-06-01 15:24
VLAI
Title
XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py
Summary
XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of whether the MASK bit is set in the frame header, causing the first 4 bytes of payload to be consumed as a mask key and the remaining payload to be incorrectly XOR-decoded, resulting in data corruption alongside missing RSV bit, opcode, and FIN fragmentation validations.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - – Improper Validation of Syntactic Correctness of Input
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/XX-net/XX-Net/issues/14169 | issue-tracking |
| https://github.com/XX-net/XX-Net/pull/14170 | technical-description |
| https://github.com/XX-net/XX-Net/commit/a68b972a8… | patch |
| https://www.vulncheck.com/advisories/xx-net-webso… | third-party-advisory |
Impacted products
Date Public
2026-05-29 15:55
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:24:05.941612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:24:15.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XX-Net",
"vendor": "XX-net",
"versions": [
{
"lessThanOrEqual": "5.16.6",
"status": "affected",
"version": "0",
"versionType": "git"
},
{
"lessThanOrEqual": "43aec6f",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "YU SUN"
}
],
"datePublic": "2026-05-29T15:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eXX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of whether the MASK bit is set in the frame header, causing the first 4 bytes of payload to be consumed as a mask key and the remaining payload to be incorrectly XOR-decoded, resulting in data corruption alongside missing RSV bit, opcode, and FIN fragmentation validations.\u003c/p\u003e"
}
],
"value": "XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of whether the MASK bit is set in the frame header, causing the first 4 bytes of payload to be consumed as a mask key and the remaining payload to be incorrectly XOR-decoded, resulting in data corruption alongside missing RSV bit, opcode, and FIN fragmentation validations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 \u2013 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T15:58:24.062Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/XX-net/XX-Net/issues/14169"
},
{
"tags": [
"technical-description"
],
"url": "https://github.com/XX-net/XX-Net/pull/14170"
},
{
"tags": [
"patch"
],
"url": "https://github.com/XX-net/XX-Net/commit/a68b972a84ed6e52df9f30237cf47493b9231b53"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/xx-net-websocket-frame-parsing-data-corruption-via-simple-http-server-py"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XX-Net V5.16.6 WebSocket Frame Parsing Data Corruption via simple_http_server.py"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-10099",
"datePublished": "2026-05-29T15:58:24.062Z",
"dateReserved": "2026-05-29T15:03:52.130Z",
"dateUpdated": "2026-06-01T15:24:15.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20114 (GCVE-0-2026-20114)
Vulnerability from cvelistv5 – Published: 2026-03-25 16:08 – Updated: 2026-03-25 17:34
VLAI
Summary
A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users.
This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
16.11.1
Affected: 16.11.1a Affected: 16.11.1b Affected: 16.11.2 Affected: 16.11.1s Affected: 16.12.1 Affected: 16.12.1s Affected: 16.12.1a Affected: 16.12.1c Affected: 16.12.1w Affected: 16.12.2 Affected: 16.12.1y Affected: 16.12.2a Affected: 16.12.3 Affected: 16.12.8 Affected: 16.12.2s Affected: 16.12.1x Affected: 16.12.1t Affected: 16.12.4 Affected: 16.12.3s Affected: 16.12.3a Affected: 16.12.4a Affected: 16.12.5 Affected: 16.12.6 Affected: 16.12.1z1 Affected: 16.12.5a Affected: 16.12.5b Affected: 16.12.1z2 Affected: 16.12.6a Affected: 16.12.7 Affected: 16.12.9 Affected: 16.12.10 Affected: 16.12.10a Affected: 16.12.11 Affected: 16.12.12 Affected: 16.12.13 Affected: 16.12.14 Affected: 17.1.1 Affected: 17.1.1a Affected: 17.1.1s Affected: 17.1.1t Affected: 17.1.3 Affected: 17.2.1 Affected: 17.2.1r Affected: 17.2.1a Affected: 17.2.1v Affected: 17.2.2 Affected: 17.2.3 Affected: 17.3.1 Affected: 17.3.2 Affected: 17.3.3 Affected: 17.3.1a Affected: 17.3.1w Affected: 17.3.2a Affected: 17.3.1x Affected: 17.3.1z Affected: 17.3.4 Affected: 17.3.5 Affected: 17.3.4a Affected: 17.3.6 Affected: 17.3.4b Affected: 17.3.4c Affected: 17.3.5a Affected: 17.3.5b Affected: 17.3.7 Affected: 17.3.8 Affected: 17.3.8a Affected: 17.4.1 Affected: 17.4.2 Affected: 17.4.1a Affected: 17.4.1b Affected: 17.4.2a Affected: 17.5.1 Affected: 17.5.1a Affected: 17.6.1 Affected: 17.6.2 Affected: 17.6.1w Affected: 17.6.1a Affected: 17.6.1x Affected: 17.6.3 Affected: 17.6.1y Affected: 17.6.1z Affected: 17.6.3a Affected: 17.6.4 Affected: 17.6.1z1 Affected: 17.6.5 Affected: 17.6.6 Affected: 17.6.6a Affected: 17.6.5a Affected: 17.6.7 Affected: 17.6.8 Affected: 17.6.8a Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.1b Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.10.1b Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.1w Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.1x Affected: 17.9.1y Affected: 17.9.3 Affected: 17.9.2a Affected: 17.9.1x1 Affected: 17.9.3a Affected: 17.9.4 Affected: 17.9.1y1 Affected: 17.9.5 Affected: 17.9.4a Affected: 17.9.5a Affected: 17.9.5b Affected: 17.9.6 Affected: 17.9.6a Affected: 17.9.7 Affected: 17.9.5e Affected: 17.9.5f Affected: 17.9.8 Affected: 17.9.7a Affected: 17.9.7b Affected: 17.11.1 Affected: 17.11.1a Affected: 17.12.1 Affected: 17.12.1w Affected: 17.12.1a Affected: 17.12.1x Affected: 17.12.2 Affected: 17.12.3 Affected: 17.12.2a Affected: 17.12.1y Affected: 17.12.1z Affected: 17.12.4 Affected: 17.12.3a Affected: 17.12.1z1 Affected: 17.12.1z2 Affected: 17.12.4a Affected: 17.12.5 Affected: 17.12.4b Affected: 17.12.1z3 Affected: 17.12.5a Affected: 17.12.1z4 Affected: 17.12.5b Affected: 17.12.5c Affected: 17.12.5d Affected: 17.13.1 Affected: 17.13.1a Affected: 17.14.1 Affected: 17.14.1a Affected: 17.15.1 Affected: 17.15.1w Affected: 17.15.1a Affected: 17.15.2 Affected: 17.15.1b Affected: 17.15.1x Affected: 17.15.1z Affected: 17.15.3 Affected: 17.15.2c Affected: 17.15.2a Affected: 17.15.1y Affected: 17.15.2b Affected: 17.15.3a Affected: 17.15.4 Affected: 17.15.3b Affected: 17.15.4d Affected: 17.15.4e Affected: 17.16.1 Affected: 17.16.1a Affected: 17.17.1 Affected: 17.18.1 Affected: 17.18.1w Affected: 17.18.1a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T17:33:47.412777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T17:34:18.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.1w"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.1y"
},
{
"status": "affected",
"version": "16.12.2a"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1x"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.3a"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.1z1"
},
{
"status": "affected",
"version": "16.12.5a"
},
{
"status": "affected",
"version": "16.12.5b"
},
{
"status": "affected",
"version": "16.12.1z2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.9"
},
{
"status": "affected",
"version": "16.12.10"
},
{
"status": "affected",
"version": "16.12.10a"
},
{
"status": "affected",
"version": "16.12.11"
},
{
"status": "affected",
"version": "16.12.12"
},
{
"status": "affected",
"version": "16.12.13"
},
{
"status": "affected",
"version": "16.12.14"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.6.7"
},
{
"status": "affected",
"version": "17.6.8"
},
{
"status": "affected",
"version": "17.6.8a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.7"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.9.8"
},
{
"status": "affected",
"version": "17.9.7a"
},
{
"status": "affected",
"version": "17.9.7b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.1x"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.1y"
},
{
"status": "affected",
"version": "17.12.1z"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.1z1"
},
{
"status": "affected",
"version": "17.12.1z2"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.5"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.12.1z3"
},
{
"status": "affected",
"version": "17.12.5a"
},
{
"status": "affected",
"version": "17.12.1z4"
},
{
"status": "affected",
"version": "17.12.5b"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.12.5d"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.15.1"
},
{
"status": "affected",
"version": "17.15.1w"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.15.2"
},
{
"status": "affected",
"version": "17.15.1b"
},
{
"status": "affected",
"version": "17.15.1x"
},
{
"status": "affected",
"version": "17.15.1z"
},
{
"status": "affected",
"version": "17.15.3"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.15.1y"
},
{
"status": "affected",
"version": "17.15.2b"
},
{
"status": "affected",
"version": "17.15.3a"
},
{
"status": "affected",
"version": "17.15.4"
},
{
"status": "affected",
"version": "17.15.3b"
},
{
"status": "affected",
"version": "17.15.4d"
},
{
"status": "affected",
"version": "17.15.4e"
},
{
"status": "affected",
"version": "17.16.1"
},
{
"status": "affected",
"version": "17.16.1a"
},
{
"status": "affected",
"version": "17.17.1"
},
{
"status": "affected",
"version": "17.18.1"
},
{
"status": "affected",
"version": "17.18.1w"
},
{
"status": "affected",
"version": "17.18.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. \r\n\r This vulnerability exists because parameters that are received by an API endpoint are not sufficiently validated. An attacker could exploit this vulnerability by authenticating as a Lobby Ambassador user and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to create a new user with privilege level 1 access to the web-based management API. The attacker would then be able to access the device with these new credentials and privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that a public announcement is available for the vulnerability that is described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:08:17.586Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxe-lobby-privesc-KwxBqJy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-lobby-privesc-KwxBqJy"
}
],
"source": {
"advisory": "cisco-sa-iosxe-lobby-privesc-KwxBqJy",
"defects": [
"CSCwq16757"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20114",
"datePublished": "2026-03-25T16:08:17.586Z",
"dateReserved": "2025-10-08T11:59:15.375Z",
"dateUpdated": "2026-03-25T17:34:18.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21527 (GCVE-0-2026-21527)
Vulnerability from cvelistv5 – Published: 2026-02-10 17:51 – Updated: 2026-05-11 21:25
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Affected:
15.01.0.0 , < 15.01.2507.066
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 14 |
Affected:
15.02.0.0 , < 15.02.1544.039
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 15 |
Affected:
15.02.0.0 , < 15.02.1748.043
(custom)
|
|
| Microsoft | Microsoft Exchange Server Subscription Edition RTM |
Affected:
15.02.0.0 , < 15.02.2562.037
(custom)
|
Date Public
2026-02-10 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T15:32:37.141565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T15:33:25.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.066",
"status": "affected",
"version": "15.01.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 14",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1544.039",
"status": "affected",
"version": "15.02.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 15",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1748.043",
"status": "affected",
"version": "15.02.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server Subscription Edition RTM",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.2562.037",
"status": "affected",
"version": "15.02.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_se:*:RTM:*:*:*:*:*:*",
"versionEndExcluding": "15.02.2562.037",
"versionStartIncluding": "15.02.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_2016:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.066",
"versionStartIncluding": "15.01.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_15:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1748.043",
"versionStartIncluding": "15.02.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server_2019:*:cumulative_update_14:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1544.039",
"versionStartIncluding": "15.02.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-02-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en-US",
"type": "CWE"
},
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T21:25:31.614Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21527"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-21527",
"datePublished": "2026-02-10T17:51:30.280Z",
"dateReserved": "2025-12-30T18:10:54.846Z",
"dateUpdated": "2026-05-11T21:25:31.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21917 (GCVE-0-2026-21917)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:27 – Updated: 2026-01-15 21:12
VLAI
Title
Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.
This issue affects Junos OS on SRX Series:
* 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
* 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R1-S3, 24.4R2.
Earlier versions of Junos are also affected, but no fix is available.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA105996 | vendor-advisory |
| https://kb.juniper.net/JSA105996 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
23.2R2-S2 , < 23.2R2-S5
(semver)
Affected: 23.4R2-S1 , < 23.4R2-S5 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R1-S3, 24.4R2 (semver) |
Date Public
2026-01-14 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:12:30.579909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:12:37.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2R2-S2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S5",
"status": "affected",
"version": "23.4R2-S1",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R1-S3, 24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue web-filtering needs to be configured as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security utm utm-policy \u0026lt;utm policy name\u0026gt; web-filtering\u0026nbsp;http-profile \u0026lt;name\u0026gt; ]\u003cbr\u003e[\u0026nbsp;security policies ... policy \u0026lt;security policy name\u0026gt; then permit application-services utm-policy \u0026lt;utm policy name\u0026gt; ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue web-filtering needs to be configured as follows:\n\n[ security utm utm-policy \u003cutm policy name\u003e web-filtering\u00a0http-profile \u003cname\u003e ]\n[\u00a0security policies ... policy \u003csecurity policy name\u003e then permit application-services utm-policy \u003cutm policy name\u003e ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions from 23.4R2-S1 before 23.4R2-S5,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3, 24.4R2.\u003c/li\u003e\u003c/ul\u003eEarlier versions of Junos are also affected, but no fix is available."
}
],
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u00a0\n * 23.4 versions from 23.4R2-S1 before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nEarlier versions of Junos are also affected, but no fix is available."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:27:11.214Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA105996"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA105996"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA105996",
"defect": [
"1876037"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21917",
"datePublished": "2026-01-15T20:27:11.214Z",
"dateReserved": "2026-01-05T17:32:48.711Z",
"dateUpdated": "2026-01-15T21:12:37.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24087 (GCVE-0-2026-24087)
Vulnerability from cvelistv5 – Published: 2026-06-01 22:05 – Updated: 2026-06-02 12:13
VLAI
Title
Improper Validation of Syntactic Correctness of Input in Kernel
Summary
Memory corruption while processing fastboot OEM commands.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:08:06.530295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:13:24.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing fastboot OEM commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T22:05:36.129Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"
}
],
"title": "Improper Validation of Syntactic Correctness of Input in Kernel"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-24087",
"datePublished": "2026-06-01T22:05:36.129Z",
"dateReserved": "2026-01-21T12:51:13.996Z",
"dateUpdated": "2026-06-02T12:13:24.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24089 (GCVE-0-2026-24089)
Vulnerability from cvelistv5 – Published: 2026-06-01 22:05 – Updated: 2026-06-02 12:12
VLAI
Title
Improper Validation of Syntactic Correctness of Input in Kernel
Summary
Memory corruption while processing fastboot commands with invalid input.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24089",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:08:23.019160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:12:55.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing fastboot commands with invalid input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T22:05:38.322Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"
}
],
"title": "Improper Validation of Syntactic Correctness of Input in Kernel"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-24089",
"datePublished": "2026-06-01T22:05:38.322Z",
"dateReserved": "2026-01-21T12:51:13.996Z",
"dateUpdated": "2026-06-02T12:12:55.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24091 (GCVE-0-2026-24091)
Vulnerability from cvelistv5 – Published: 2026-06-01 22:05 – Updated: 2026-06-02 12:12
VLAI
Title
Improper Validation of Syntactic Correctness of Input in Display
Summary
Memory corruption while processing fastboot commands with improperly formatted input.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T12:07:12.515624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T12:12:40.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while processing fastboot commands with improperly formatted input."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T22:05:40.458Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"
}
],
"title": "Improper Validation of Syntactic Correctness of Input in Display"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2026-24091",
"datePublished": "2026-06-01T22:05:40.458Z",
"dateReserved": "2026-01-21T12:51:13.996Z",
"dateUpdated": "2026-06-02T12:12:40.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
CAPEC-66: SQL Injection
This attack exploits target software that constructs SQL statements based on user input. An attacker crafts input strings so that when the target software constructs SQL statements based on the input, the resulting SQL statement performs actions other than those the application intended. SQL Injection results from failure of the application to appropriately validate input.
CAPEC-676: NoSQL Injection
An adversary targets software that constructs NoSQL statements based on user input or with parameters vulnerable to operator replacement in order to achieve a variety of technical impacts such as escalating privileges, bypassing authentication, and/or executing code.