CWE-653
Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
CVE-2025-53710 (GCVE-0-2025-53710)
Vulnerability from cvelistv5 – Published: 2025-12-18 21:05 – Updated: 2025-12-18 21:39
VLAI
Title
Network boundaries not respected in certain Foundry namespaces.
Summary
Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally.
Severity
7.5 (High)
CWE
- CWE-653 - The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Palantir | com.palantir.compute:compute-service |
Unaffected:
0.1372.0 , < *
(semver)
|
|
| Palantir | com.palantir.codeassist2:code-assist-proxy |
Unaffected:
2.1289.0 , < *
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T21:39:40.921425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:39:48.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "com.palantir.compute:compute-service",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0.1372.0",
"versionType": "semver"
}
]
},
{
"product": "com.palantir.codeassist2:code-assist-proxy",
"vendor": "Palantir",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.1289.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in bypass of access control due to the presence of a vulnerable endpoint in Foundry Container Service that executed user-controlled commands locally."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. Sensitive functionality should always be protected with access controls. However configuring all but the most trivial access control systems can be very complicated and there are many opportunities for mistakes. If an attacker can learn of incorrectly configured access security settings, they may be able to exploit this in an attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:05:51.588Z",
"orgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"shortName": "Palantir"
},
"references": [
{
"url": "https://palantir.safebase.us/?tcuUid=4dbae101-79da-433c-8184-c70b78f4701b"
}
],
"source": {
"defect": [
"PLTRSEC-2025-50"
],
"discovery": "EXTERNAL"
},
"title": "Network boundaries not respected in certain Foundry namespaces."
}
},
"cveMetadata": {
"assignerOrgId": "bbcbe11d-db20-4bc2-8a6e-c79f87041fd4",
"assignerShortName": "Palantir",
"cveId": "CVE-2025-53710",
"datePublished": "2025-12-18T21:05:51.588Z",
"dateReserved": "2025-07-08T20:15:13.449Z",
"dateUpdated": "2025-12-18T21:39:48.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5476 (GCVE-0-2025-5476)
Vulnerability from cvelistv5 – Published: 2025-06-21 00:09 – Updated: 2025-06-23 14:47
VLAI
Title
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability
Summary
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.
Severity
6.3 (Medium)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.sony.com/electronics/support/mobile-c… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sony | XAV-AX8500 |
Affected:
2.00.01
|
Date Public
2025-06-11 17:41
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T14:47:05.798493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T14:47:12.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "XAV-AX8500",
"vendor": "Sony",
"versions": [
{
"status": "affected",
"version": "2.00.01"
}
]
}
],
"dateAssigned": "2025-06-02T19:14:36.638Z",
"datePublic": "2025-06-11T17:41:28.970Z",
"descriptions": [
{
"lang": "en",
"value": "Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-21T00:09:49.419Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-357",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-357/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax8500/software/00344092"
}
],
"source": {
"lang": "en",
"value": "Mikhail Evdokimov (@konatabrk) from PCAutomotive"
},
"title": "Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-5476",
"datePublished": "2025-06-21T00:09:49.419Z",
"dateReserved": "2025-06-02T19:14:36.601Z",
"dateUpdated": "2025-06-23T14:47:12.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57738 (GCVE-0-2025-57738)
Vulnerability from cvelistv5 – Published: 2025-10-20 14:43 – Updated: 2025-11-04 21:13
VLAI
Title
Apache Syncope: Remote Code Execution by delegated administrators
Summary
Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload.
Such a feature has been available for a while, but recently it was discovered that a malicious administrator can inject Groovy code that can be executed remotely by a running Apache Syncope Core instance.
Users are recommended to upgrade to version 3.0.14 / 4.0.2, which fix this issue by forcing the Groovy code to run in a sandbox.
Severity
No CVSS data available.
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/x7cv6xv7z76y49grd… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Syncope |
Affected:
2.1 , ≤ 2.1.14
(semver)
Affected: 3.0 , ≤ 3.0.13 (semver) Affected: 4.0 , ≤ 4.0.1 (semver) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-57738",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T15:13:38.012543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T15:15:48.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:18.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Syncope",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.1.14",
"status": "affected",
"version": "2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "3.0.13",
"status": "affected",
"version": "3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.1",
"status": "affected",
"version": "4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mike Cole (Mantel Group)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload.\u003cbr\u003eSuch a feature has been available for a while, but recently it was discovered that a malicious administrator can inject Groovy code that can be executed remotely by a running Apache Syncope Core instance.\u003cbr\u003eUsers are recommended to upgrade to version 3.0.14 / 4.0.2, which fix this issue by forcing the Groovy code to run in a sandbox."
}
],
"value": "Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload.\nSuch a feature has been available for a while, but recently it was discovered that a malicious administrator can inject Groovy code that can be executed remotely by a running Apache Syncope Core instance.\nUsers are recommended to upgrade to version 3.0.14 / 4.0.2, which fix this issue by forcing the Groovy code to run in a sandbox."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T14:43:39.985Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/x7cv6xv7z76y49grdr1hgj1pzw5zbby6"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Syncope: Remote Code Execution by delegated administrators",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-57738",
"datePublished": "2025-10-20T14:43:39.985Z",
"dateReserved": "2025-08-19T06:32:04.510Z",
"dateUpdated": "2025-11-04T21:13:18.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6705 (GCVE-0-2025-6705)
Vulnerability from cvelistv5 – Published: 2025-06-27 14:57 – Updated: 2025-07-02 06:58
VLAI
Summary
A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.
The issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.
Severity
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://open-vsx.org | product |
| https://github.com/EclipseFdn/publish-extensions/… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse Open VSX Registry |
Affected:
date < 20250624
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T15:52:03.859232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T15:52:29.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://open-vsx.org",
"defaultStatus": "unaffected",
"product": "Eclipse Open VSX Registry",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "date \u003c 20250624",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Oren Yomtov (Koi Security)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the Eclipse Open VSX Registry\u2019s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system\u2019s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.\u003cbr\u003e\u003cbr\u003eThe issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A vulnerability in the Eclipse Open VSX Registry\u2019s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system\u2019s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new extension versions under any namespace, including those not controlled by an attacker. However, it did not permit deletion of existing extensions, overwriting of published versions, or access to administrative features of the registry.\n\nThe issue was reported on May 4, 2025, fully resolved by June 24, and followed by a comprehensive audit. No evidence of compromise was found, though 81 extensions were proactively deactivated as a precaution. The standard publishing process remained unaffected. Recommendations have been issued to mitigate similar risks in the future."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T06:58:28.586Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"product"
],
"url": "https://open-vsx.org"
},
{
"tags": [
"patch"
],
"url": "https://github.com/EclipseFdn/publish-extensions/pull/881"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2025-6705",
"datePublished": "2025-06-27T14:57:06.595Z",
"dateReserved": "2025-06-26T10:19:23.466Z",
"dateUpdated": "2025-07-02T06:58:28.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-0542 (GCVE-0-2026-0542)
Vulnerability from cvelistv5 – Published: 2026-02-25 20:35 – Updated: 2026-02-26 15:53
VLAI
Title
Remote Code Execution in ServiceNow AI Platform
Summary
ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.
ServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ServiceNow | ServiceNow AI Platform |
Affected:
0 , < Australia
(custom)
Affected: 0 , < Zurich Patch 5 (custom) Affected: 0 , < Zurich Patch 4 Hot Fix 3b (custom) Affected: 0 , < Yokohama Patch 12 (custom) Affected: 0 , < Yokohama Patch 10 Hot Fix 1b (custom) Affected: 0 , < Xanadu Patch 11 Hot Fix 1a (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T15:52:51.206570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:53:05.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ServiceNow AI Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Australia",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Zurich Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Zurich Patch 4 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Yokohama Patch 12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Yokohama Patch 10 Hot Fix 1b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Xanadu Patch 11 Hot Fix 1a",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lockheed Martin - Red Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.\u0026nbsp;\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so. \u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to execute code within the ServiceNow Sandbox.\u00a0\u00a0\u00a0\n\n\n\n\n\nServiceNow addressed this vulnerability by deploying a security update to hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers and partners. Further, the vulnerability is addressed in the listed patches and hot fixes. While we are not currently aware of exploitation against customer instances, we recommend customers promptly apply appropriate updates or upgrade if they have not already done so."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:35:27.303Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB2693566"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution in ServiceNow AI Platform",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2026-0542",
"datePublished": "2026-02-25T20:35:27.303Z",
"dateReserved": "2025-12-30T14:27:44.742Z",
"dateUpdated": "2026-02-26T15:53:05.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25905 (GCVE-0-2026-25905)
Vulnerability from cvelistv5 – Published: 2026-02-09 09:01 – Updated: 2026-02-09 12:55
VLAI
Title
Lack of isolation in mcp-run-python leads to MCP server takeover
Summary
The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the "mcp-run-python" project is archived and unlikely to receive a fix.
Severity
5.8 (Medium)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://research.jfrog.com/vulnerabilities/mcp-ru… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25905",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T12:55:11.621045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T12:55:24.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/pip",
"packageName": "mcp-run-python",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe Python code being run by \u0027runPython\u0027 or \u0027runPythonAsync\u0027 is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the \"mcp-run-python\" project is archived and unlikely to receive a fix.\u003c/p\u003e"
}
],
"value": "The Python code being run by \u0027runPython\u0027 or \u0027runPythonAsync\u0027 is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing. Note - the \"mcp-run-python\" project is archived and unlikely to receive a fix."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T09:01:16.728Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://research.jfrog.com/vulnerabilities/mcp-run-python-lack-of-isolation-mcp-takeover-jfsa-2026-001653030/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Lack of isolation in mcp-run-python leads to MCP server takeover"
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2026-25905",
"datePublished": "2026-02-09T09:01:16.728Z",
"dateReserved": "2026-02-08T11:19:42.865Z",
"dateUpdated": "2026-02-09T12:55:24.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34775 (GCVE-0-2026-34775)
Vulnerability from cvelistv5 – Published: 2026-04-03 23:55 – Updated: 2026-04-08 03:55
VLAI
Title
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Summary
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0.
Severity
6.8 (Medium)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/electron/electron/security/adv… | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T03:55:39.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "electron",
"vendor": "electron",
"versions": [
{
"status": "affected",
"version": "\u003c 38.8.6"
},
{
"status": "affected",
"version": "\u003e= 39.0.0-alpha.1, \u003c 39.8.4"
},
{
"status": "affected",
"version": "\u003e= 40.0.0-alpha.1, \u003c 40.8.4"
},
{
"status": "affected",
"version": "\u003e= 41.0.0-alpha.1, \u003c 41.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable nodeIntegrationInWorker. Apps that do not use nodeIntegrationInWorker are not affected. This issue has been patched in versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T23:55:20.950Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/electron/electron/security/advisories/GHSA-xwr5-m59h-vwqr"
}
],
"source": {
"advisory": "GHSA-xwr5-m59h-vwqr",
"discovery": "UNKNOWN"
},
"title": "Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34775",
"datePublished": "2026-04-03T23:55:20.950Z",
"dateReserved": "2026-03-30T19:54:55.555Z",
"dateUpdated": "2026-04-08T03:55:39.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40968 (GCVE-0-2026-40968)
Vulnerability from cvelistv5 – Published: 2026-04-28 13:42 – Updated: 2026-04-28 14:36
VLAI
Title
Spring gRPC SecurityContext leaks across requests on authorization failure
Summary
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.
Affected versions:
Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.
Severity
4.3 (Medium)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring gRPC |
Affected:
1.0.0 , < 1.0.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-28T14:36:11.607363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T14:36:35.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring gRPC",
"vendor": "Spring",
"versions": [
{
"lessThan": "1.0.3",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.\u003cbr\u003e\u003cbr\u003eAffected versions:\u003cbr\u003eSpring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected."
}
],
"value": "When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions.\n\nAffected versions:\nSpring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A subsequent request on the same gRPC worker thread may inherit a prior user\u2019s authenticated identity after an authorization failure, enabling privilege escalation (CVSS v3.1: low confidentiality and integrity impact)."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T13:42:35.525Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-40968"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring gRPC SecurityContext leaks across requests on authorization failure"
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-40968",
"datePublished": "2026-04-28T13:42:35.525Z",
"dateReserved": "2026-04-16T02:18:56.133Z",
"dateUpdated": "2026-04-28T14:36:35.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41174 (GCVE-0-2026-41174)
Vulnerability from cvelistv5 – Published: 2026-04-30 20:20 – Updated: 2026-05-04 13:26
VLAI
Title
Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Summary
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same restriction to middleware references nested inside a Chain middleware's spec.chain.middlewares[]. An actor with permission to create or update Traefik CRDs in their own namespace can exploit this to cause Traefik to resolve and apply middleware objects from another namespace, bypassing the documented isolation boundary. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.
Severity
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/traefik/traefik/security/advis… | x_refsource_CONFIRM |
| https://github.com/traefik/traefik/commit/df00d82… | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v… | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v3.6.14 | x_refsource_MISC |
| https://github.com/traefik/traefik/releases/tag/v… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T13:25:25.541487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T13:26:08.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "traefik",
"vendor": "traefik",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.43"
},
{
"status": "affected",
"version": "\u003e= 3.7.0-ea.1, \u003c 3.7.0-rc.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik\u0027s Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same restriction to middleware references nested inside a Chain middleware\u0027s spec.chain.middlewares[]. An actor with permission to create or update Traefik CRDs in their own namespace can exploit this to cause Traefik to resolve and apply middleware objects from another namespace, bypassing the documented isolation boundary. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T20:20:29.679Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/traefik/traefik/security/advisories/GHSA-xhjw-95fp-8vgq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-xhjw-95fp-8vgq"
},
{
"name": "https://github.com/traefik/traefik/commit/df00d82fc7f12e07199551832b54de6d0e55414d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/commit/df00d82fc7f12e07199551832b54de6d0e55414d"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v2.11.43",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.43"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.6.14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.6.14"
},
{
"name": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2"
}
],
"source": {
"advisory": "GHSA-xhjw-95fp-8vgq",
"discovery": "UNKNOWN"
},
"title": "Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41174",
"datePublished": "2026-04-30T20:20:29.679Z",
"dateReserved": "2026-04-17T16:34:45.526Z",
"dateUpdated": "2026-05-04T13:26:08.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42782 (GCVE-0-2026-42782)
Vulnerability from cvelistv5 – Published: 2026-05-25 14:58 – Updated: 2026-05-25 20:30
VLAI
Title
Apache Syncope: Post-auth RCE via Groovy static
Summary
Improper Isolation or Compartmentalization vulnerability in Apache Syncope.
An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted code reaching a non-sandboxed execution path via the class static initializer.
This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.
Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox.
Severity
No CVSS data available.
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/b869ms0ofrd129f7t… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Syncope |
Affected:
3.0 , ≤ 3.0.16
(semver)
Affected: 4.0 , ≤ 4.0.5 (semver) Affected: 4.1 , ≤ 4.1.0 (semver) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-25T20:30:24.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/25/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.syncope.core:syncope-core-spring",
"product": "Apache Syncope",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "3.0.16",
"status": "affected",
"version": "3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.0.5",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.0",
"status": "affected",
"version": "4.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Trung Nguyen, CyStack"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Isolation or Compartmentalization vulnerability in Apache Syncope.\u003c/p\u003e\u003cp\u003eAn administrator with adequate entitlements for Implementations can create a malicious Groovy class containing\u0026nbsp;untrusted code reaching a non-sandboxed execution path via the class static initializer.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox.\u003c/p\u003e"
}
],
"value": "Improper Isolation or Compartmentalization vulnerability in Apache Syncope.\n\nAn administrator with adequate entitlements for Implementations can create a malicious Groovy class containing\u00a0untrusted code reaching a non-sandboxed execution path via the class static initializer.\n\nThis issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0.\n\n\n\nUsers are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by forcing even the static initializer in Groovy code to run in a sandbox."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T14:58:59.152Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/b869ms0ofrd129f7tgsn9flxgv9ztg2r"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Syncope: Post-auth RCE via Groovy static",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-42782",
"datePublished": "2026-05-25T14:58:59.152Z",
"dateReserved": "2026-04-29T14:11:03.486Z",
"dateUpdated": "2026-05-25T20:30:24.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Break up privileges between different modules, objects, or entities. Minimize the interfaces between modules and require strong access control between them.
No CAPEC attack patterns related to this CWE.