CWE-489
Active Debug Code
The product is released with debugging code still enabled or active.
CVE-2025-54660 (GCVE-0-2025-54660)
Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:19
VLAI
Summary
An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password
Severity
CWE
- CWE-489 - Information disclosure
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientWindows |
Affected:
7.4.0 , ≤ 7.4.3
(semver)
Affected: 7.2.0 , ≤ 7.2.10 (semver) Affected: 7.0.0 , ≤ 7.0.14 (semver) cpe:2.3:a:fortinet:forticlientwindows:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T19:23:59.798097Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T19:24:07.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientwindows:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.14",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:19:45.280Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-844",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-844"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientWindows version 7.4.4 or above\nUpgrade to FortiClientWindows version 7.2.11 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-54660",
"datePublished": "2025-11-18T17:01:18.577Z",
"dateReserved": "2025-07-28T09:23:38.063Z",
"dateUpdated": "2026-01-14T09:19:45.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64983 (GCVE-0-2025-64983)
Vulnerability from cvelistv5 – Published: 2025-11-26 04:32 – Updated: 2025-11-26 14:15
VLAI
Summary
Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device.
Severity
CWE
- CWE-489 - Active debug code
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SwitchBot | Smart Video Doorbell |
Affected:
prior to 2.01.078
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T14:14:06.819939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T14:15:03.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Smart Video Doorbell",
"vendor": "SwitchBot",
"versions": [
{
"status": "affected",
"version": "prior to 2.01.078"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Active debug code",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T04:32:55.896Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.switch-bot.com/products/switchbot-video-doorbell?srsltid=AfmBOooGEZArqUag9p59qB8ti2fDP0vCOzxX33NGlpJ8yDlZnzC3vJ_f"
},
{
"url": "https://jvn.jp/en/jp/JVN67185535"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-64983",
"datePublished": "2025-11-26T04:32:55.896Z",
"dateReserved": "2025-11-11T23:17:00.512Z",
"dateUpdated": "2025-11-26T14:15:03.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7705 (GCVE-0-2025-7705)
Vulnerability from cvelistv5 – Published: 2025-07-22 11:49 – Updated: 2025-07-22 13:57
VLAI
Title
Authentication bypass due to compatibility mode enabled by default
Summary
: Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions.
Severity
CWE
- CWE-489 - Active Debug Code
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | Switch Actuator 4 DU-83330 |
Affected:
All Versions
|
|
| ABB | Switch actuator, door/light 4 DU -83330-500 |
Affected:
All Versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T13:55:25.610400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T13:57:30.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Switch Actuator 4 DU-83330",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Switch actuator, door/light 4 DU -83330-500",
"vendor": "ABB",
"versions": [
{
"status": "affected",
"version": "All Versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.\u003cp\u003eThis issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions.\u003c/p\u003e"
}
],
"value": ": Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T12:02:25.322Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A4556\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch\u0026_gl=1*1sgofnl*_gcl_au*MjA0NTI4OTE1Mi4xNzUzMTgxNTA2*_ga*MTIxMTUxMzg5MS4xNzUzMTgxNTA3*_ga_46ZFBRSZNM*czE3NTMxODE1MDckbzEkZzEkdDE3NTMxODE2MDIkajYwJGwwJGgw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication bypass due to compatibility mode enabled by default",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-7705",
"datePublished": "2025-07-22T11:49:00.964Z",
"dateReserved": "2025-07-16T11:31:40.651Z",
"dateUpdated": "2025-07-22T13:57:30.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-27131 (GCVE-0-2026-27131)
Vulnerability from cvelistv5 – Published: 2026-03-23 19:04 – Updated: 2026-03-24 14:09
VLAI
Title
Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground
Summary
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the `hashData()` signing function. This issue was mitigated in versions 3.15.2 and 2.15.2 by disabling access to the Sprig Playground entirely when `devMode` is disabled, by default. It is possible to override this behavior using a new `enablePlaygroundWhenDevModeDisabled` that defaults to `false`.
Severity
5.5 (Medium)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/putyourlightson/craft-sprig/se… | x_refsource_CONFIRM |
| https://github.com/putyourlightson/craft-sprig/co… | x_refsource_MISC |
| https://github.com/putyourlightson/craft-sprig/co… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| putyourlightson | craft-sprig |
Affected:
>= 3.0.0, < 3.15.2
Affected: >= 2.0.0, < 2.15.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T14:08:58.187517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T14:09:08.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "craft-sprig",
"vendor": "putyourlightson",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.15.2"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.15.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key, credentials, and other sensitive configuration data, in addition to running the `hashData()` signing function. This issue was mitigated in versions 3.15.2 and 2.15.2 by disabling access to the Sprig Playground entirely when `devMode` is disabled, by default. It is possible to override this behavior using a new `enablePlaygroundWhenDevModeDisabled` that defaults to `false`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T19:04:37.417Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/putyourlightson/craft-sprig/security/advisories/GHSA-m59h-42jf-cphr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/putyourlightson/craft-sprig/security/advisories/GHSA-m59h-42jf-cphr"
},
{
"name": "https://github.com/putyourlightson/craft-sprig/commit/09c9da2ffb45a8857829f3390ae2578e26cfe03b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/putyourlightson/craft-sprig/commit/09c9da2ffb45a8857829f3390ae2578e26cfe03b"
},
{
"name": "https://github.com/putyourlightson/craft-sprig/commit/db18c46f6dc5603828aa321a3a615adbd677d475",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/putyourlightson/craft-sprig/commit/db18c46f6dc5603828aa321a3a615adbd677d475"
}
],
"source": {
"advisory": "GHSA-m59h-42jf-cphr",
"discovery": "UNKNOWN"
},
"title": "Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27131",
"datePublished": "2026-03-23T19:04:37.417Z",
"dateReserved": "2026-02-17T18:42:27.044Z",
"dateUpdated": "2026-03-24T14:09:08.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32662 (GCVE-0-2026-32662)
Vulnerability from cvelistv5 – Published: 2026-04-03 20:11 – Updated: 2026-04-06 14:51
VLAI
Title
Gardyn Cloud API Active Debug Code
Summary
Development and test API endpoints are present that mirror production functionality.
Severity
5.3 (Medium)
CWE
Assigner
References
Impacted products
Date Public
2026-04-02 17:24
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:50:24.844565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:59.384Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud API",
"vendor": "Gardyn",
"versions": [
{
"lessThan": "2.12.2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Groberman reported these vulnerabilities to CISA."
}
],
"datePublic": "2026-04-02T17:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Development and test API endpoints are present that mirror production functionality."
}
],
"value": "Development and test API endpoints are present that mirror production functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T20:11:56.176Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-03"
},
{
"url": "https://mygardyn.com/security/"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-055-03.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\u003cbr\u003e\n\u003cbr\u003eThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\u003cbr\u003e\n\u003cbr\u003eFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"value": "Gardyn states that the relevant fixes are included in the latest version of the Gardyn mobile application. Users are required to run a supported version of the Gardyn App on their phone in order to access Gardyn services and devices.\n\n\n\nThe current versions of the Gardyn App and the Gardyn Home firmware can be checked in the Gardyn App.\n\n\n\nFor all vulnerabilities, Gardyn recommends users ensure their home kit and studio devices are upgraded to firmware master.622 or later. Gardyn also recommends that users update their mobile application to the most recent version. Gardyn requests that users ensure their devices have network connectivity in order to automatically download needed firmware updates. Unconnected devices will automatically update when configured with a working Internet connection."
}
],
"source": {
"advisory": "ICSA-26-055-03",
"discovery": "EXTERNAL"
},
"title": "Gardyn Cloud API Active Debug Code",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-32662",
"datePublished": "2026-04-03T20:11:56.176Z",
"dateReserved": "2026-03-17T20:12:55.193Z",
"dateUpdated": "2026-04-06T14:51:59.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33201 (GCVE-0-2026-33201)
Vulnerability from cvelistv5 – Published: 2026-03-26 04:18 – Updated: 2026-03-26 13:55
VLAI
Summary
Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges.
Severity
CWE
- CWE-489 - Active debug code
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GREEN HOUSE CO., LTD. | Digital Photo Frame GH-WDF10A |
Affected:
all versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T13:55:13.143693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T13:55:23.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Digital Photo Frame GH-WDF10A",
"vendor": "GREEN HOUSE CO., LTD.",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Active debug code",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T04:18:57.635Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.green-house.co.jp/note/info_gh-wdf10a/"
},
{
"url": "https://jvn.jp/en/jp/JVN18035227/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2026-33201",
"datePublished": "2026-03-26T04:18:57.635Z",
"dateReserved": "2026-03-17T23:23:26.571Z",
"dateUpdated": "2026-03-26T13:55:23.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40035 (GCVE-0-2026-40035)
Vulnerability from cvelistv5 – Published: 2026-04-08 21:35 – Updated: 2026-05-08 14:07
VLAI
Title
Unfurl - Werkzeug Debugger Exposure via String Config Parsing
Summary
Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution.
Severity
9.1 (Critical)
CWE
- CWE-489 - Active Debug Code
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/obsidianforensics/unfurl/secur… | vendor-advisory |
| https://www.vulncheck.com/advisories/dfir-unfurl-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| obsidianforensics | unfurl |
Affected:
0 , ≤ 2025.08
(custom)
|
Date Public
2026-01-28 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40035",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-09T13:19:52.114076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T13:19:56.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-vg9h-jx4v-cwx2"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "dfir-unfurl",
"product": "unfurl",
"vendor": "obsidianforensics",
"versions": [
{
"lessThanOrEqual": "2025.08",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mobasi Security Team"
}
],
"datePublic": "2026-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(), causing any non-empty string to evaluate truthy, allowing attackers to access the Werkzeug debugger and disclose sensitive information or achieve remote code execution."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T14:07:04.785Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GHSA Advisory GHSA-vg9h-jx4v-cwx2",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/obsidianforensics/unfurl/security/advisories/GHSA-vg9h-jx4v-cwx2"
},
{
"name": "VulnCheck Advisory: dfir-unfurl - Werkzeug Debugger Exposure via String Config Parsing",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dfir-unfurl-werkzeug-debugger-exposure-via-string-config-parsing"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unfurl - Werkzeug Debugger Exposure via String Config Parsing",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-40035",
"datePublished": "2026-04-08T21:35:27.703Z",
"dateReserved": "2026-04-08T13:36:58.277Z",
"dateUpdated": "2026-05-08T14:07:04.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45728 (GCVE-0-2026-45728)
Vulnerability from cvelistv5 – Published: 2026-05-26 16:38 – Updated: 2026-05-26 17:31
VLAI
Title
Algernon: Single-file mode unconditionally enables debug mode
Summary
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error response dumps the absolute path of the file that errored, complete byte contents of that file, and exception or parser error text. This response is served with HTTP 200 OK to whoever sent the request that triggered the error. Any client able to reach the server and able to provoke a runtime error in the served script obtains the full server-side source of that script and of any sibling Lua data file consulted during the request. This vulnerability is fixed in 1.17.7.
Severity
7.5 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/xyproto/algernon/security/advi… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45728",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T17:31:16.231606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:31:40.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xyproto/algernon/security/advisories/GHSA-fwqx-8365-9983"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "algernon",
"vendor": "xyproto",
"versions": [
{
"status": "affected",
"version": "\u003c 1.17.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error response dumps the absolute path of the file that errored, complete byte contents of that file, and exception or parser error text. This response is served with HTTP 200 OK to whoever sent the request that triggered the error. Any client able to reach the server and able to provoke a runtime error in the served script obtains the full server-side source of that script and of any sibling Lua data file consulted during the request. This vulnerability is fixed in 1.17.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540: Inclusion of Sensitive Information in Source Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T16:38:50.435Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xyproto/algernon/security/advisories/GHSA-fwqx-8365-9983",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xyproto/algernon/security/advisories/GHSA-fwqx-8365-9983"
}
],
"source": {
"advisory": "GHSA-fwqx-8365-9983",
"discovery": "UNKNOWN"
},
"title": "Algernon: Single-file mode unconditionally enables debug mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45728",
"datePublished": "2026-05-26T16:38:50.435Z",
"dateReserved": "2026-05-13T05:51:48.667Z",
"dateUpdated": "2026-05-26T17:31:40.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9133 (GCVE-0-2026-9133)
Vulnerability from cvelistv5 – Published: 2026-05-20 19:38 – Updated: 2026-05-21 12:50
VLAI
Title
Arbitrary file read in rabbitmq-aws plugin
Summary
Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process.
To remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys.
Severity
CWE
- CWE-489 - Active debug code
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/amazon-mq/rabbitmq-aws/release… | patch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/amazon-mq/rabbitmq-aws/securit… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AWS | RabbitMQ AWS |
Affected:
0.1.0 , ≤ 0.2.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T12:49:05.835135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T12:50:24.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RabbitMQ AWS",
"vendor": "AWS",
"versions": [
{
"lessThanOrEqual": "0.2.0",
"status": "affected",
"version": "0.1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aws:rabbitmq_aws:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.2.0",
"versionStartIncluding": "0.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eActive debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT \u003ccode\u003e/api/aws/arn/validate\u003c/code\u003e validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. \u003c/p\u003e\u003cp\u003eTo remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys.\u003c/p\u003e"
}
],
"value": "Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might allow remote authenticated users to perform arbitrary file reads on any file accessible to the RabbitMQ process. \n\n\n\nTo remediate this issue, customers should upgrade to version 0.2.1 of rabbitmq-aws. If RabbitMQ is configured to use TLS for connections, we also recommend rotating any associated private certificate keys."
}
],
"impacts": [
{
"capecId": "CAPEC-121",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-121 Exploit Non-Production Interfaces"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active debug code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T19:40:41.991Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/amazon-mq/rabbitmq-aws/releases/tag/0.2.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-034-aws/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/amazon-mq/rabbitmq-aws/security/advisories/GHSA-8554-wg4r-7hxm"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary file read in rabbitmq-aws plugin",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-9133",
"datePublished": "2026-05-20T19:38:11.897Z",
"dateReserved": "2026-05-20T18:21:53.557Z",
"dateUpdated": "2026-05-21T12:50:24.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Build and Compilation, Distribution
Description:
- Remove debug code before deploying the application.
CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.
CAPEC-661: Root/Jailbreak Detection Evasion via Debugging
An adversary inserts a debugger into the program entry point of a mobile application to modify the application binary, with the goal of evading Root/Jailbreak detection. Mobile device users often Root/Jailbreak their devices in order to gain administrative control over the mobile operating system and/or to install third-party mobile applications that are not provided by authorized application stores (e.g. Google Play Store and Apple App Store). Rooting/Jailbreaking a mobile device also provides users with access to system debuggers and disassemblers, which can be leveraged to exploit applications by dumping the application's memory at runtime in order to remove or bypass signature verification methods. This further allows the adversary to evade Root/Jailbreak detection mechanisms, which can result in execution of administrative commands, obtaining confidential data, impersonating legitimate users of the application, and more.