Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1139 vulnerabilities by linuxfoundation
CVE-2026-53492 (GCVE-0-2026-53492)
Vulnerability from nvd – Published: 2026-07-01 17:59 – Updated: 2026-07-02 12:50
VLAI
Title
containerd CRI checkpoint restore CDI annotation smuggling
Summary
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:50:36.308393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:50:43.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:59:12.552Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"source": {
"advisory": "GHSA-33vj-92qq-66hc",
"discovery": "UNKNOWN"
},
"title": "containerd CRI checkpoint restore CDI annotation smuggling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53492",
"datePublished": "2026-07-01T17:59:12.552Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-02T12:50:43.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53489 (GCVE-0-2026-53489)
Vulnerability from nvd – Published: 2026-07-01 18:10 – Updated: 2026-07-02 14:34
VLAI
Title
containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
Summary
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T14:34:14.152419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T14:34:50.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T18:10:41.802Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388"
}
],
"source": {
"advisory": "GHSA-rgh6-rfwx-v388",
"discovery": "UNKNOWN"
},
"title": "containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53489",
"datePublished": "2026-07-01T18:10:41.802Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-02T14:34:50.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50195 (GCVE-0-2026-50195)
Vulnerability from nvd – Published: 2026-07-01 17:50 – Updated: 2026-07-01 18:32
VLAI
Title
containerd: CRI checkpoint import allows local image tag poisoning
Summary
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T18:32:22.918998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T18:32:29.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image\u0027s configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node\u0027s local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker\u0027s malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod\u0027s identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:50:53.072Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574"
}
],
"source": {
"advisory": "GHSA-cvxm-645q-p574",
"discovery": "UNKNOWN"
},
"title": "containerd: CRI checkpoint import allows local image tag poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50195",
"datePublished": "2026-07-01T17:50:53.072Z",
"dateReserved": "2026-06-03T22:05:13.645Z",
"dateUpdated": "2026-07-01T18:32:29.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47262 (GCVE-0-2026-47262)
Vulnerability from nvd – Published: 2026-07-01 17:48 – Updated: 2026-07-01 18:34
VLAI
Title
containerd image-triggered runtime DoS via unbounded group parsing
Summary
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 1.7.0, < 1.7.33
Affected: >= 2.0.0, < 2.0.10 Affected: >= 2.1.0, < 2.1.9 Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T18:33:54.105358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T18:34:06.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.7.33"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.10"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:48:43.205Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq"
}
],
"source": {
"advisory": "GHSA-jpcc-p29g-p8mq",
"discovery": "UNKNOWN"
},
"title": "containerd image-triggered runtime DoS via unbounded group parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47262",
"datePublished": "2026-07-01T17:48:43.205Z",
"dateReserved": "2026-05-18T23:03:37.229Z",
"dateUpdated": "2026-07-01T18:34:06.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46680 (GCVE-0-2026-46680)
Vulnerability from nvd – Published: 2026-07-01 17:40 – Updated: 2026-07-03 03:56
VLAI
Title
containerd user ID handling bypass allows runAsNonRoot evasion
Summary
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
< 1.7.32
Affected: >= 2.0.4, < 2.0.9 Affected: >= 2.0.10, < 2.2.4 Affected: >= 2.2.5, < 2.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:06.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.32"
},
{
"status": "affected",
"version": "\u003e= 2.0.4, \u003c 2.0.9"
},
{
"status": "affected",
"version": "\u003e= 2.0.10, \u003c 2.2.4"
},
{
"status": "affected",
"version": "\u003e= 2.2.5, \u003c 2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:40:25.499Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"
}
],
"source": {
"advisory": "GHSA-fqw6-gf59-qr4w",
"discovery": "UNKNOWN"
},
"title": "containerd user ID handling bypass allows runAsNonRoot evasion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46680",
"datePublished": "2026-07-01T17:40:25.499Z",
"dateReserved": "2026-05-15T21:46:51.547Z",
"dateUpdated": "2026-07-03T03:56:06.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53488 (GCVE-0-2026-53488)
Vulnerability from nvd – Published: 2026-07-01 00:11 – Updated: 2026-07-03 03:56
VLAI
Title
containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Summary
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
< 1.7.33
Affected: >= 2.0.0, < 2.0.10 Affected: >= 2.1.0, < 2.1.9 Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:07.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.33"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.10"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T00:11:20.610Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"source": {
"advisory": "GHSA-xhf5-7wjv-pqxp",
"discovery": "UNKNOWN"
},
"title": "containerd CRI plugin: \u2014 image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53488",
"datePublished": "2026-07-01T00:11:20.610Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-03T03:56:07.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41579 (GCVE-0-2026-41579)
Vulnerability from nvd – Published: 2026-07-01 00:02 – Updated: 2026-07-01 13:35
VLAI
Title
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
Summary
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names and targets in an arbitrary pre-existing host directory. This issue is not exploitable under Docker, because Docker creates a top-level read-only layer that masks any malicious /dev symlink present in the container image — unlike some other Linux container tooling, whose higher-level runtimes built on runc remain exposed to exploitation via a malicious image. This issue has been fixed in versions 1.3.6, 1.4.3 and 1.5.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/opencontainers/runc/security/a… | x_refsource_CONFIRM |
| https://github.com/opencontainers/runc/commit/864… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opencontainers | runc |
Affected:
< 1.3.6
Affected: >= 1.4.0-rc.1, < 1.4.3 Affected: >= 1.5.0-rc.1, < 1.5.0-rc.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:34:05.348945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:35:41.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "runc",
"vendor": "opencontainers",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.6"
},
{
"status": "affected",
"version": "\u003e= 1.4.0-rc.1, \u003c 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.5.0-rc.1, \u003c 1.5.0-rc.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names and targets in an arbitrary pre-existing host directory. This issue is not exploitable under Docker, because Docker creates a top-level read-only layer that masks any malicious /dev\u00a0symlink present in the container image \u2014 unlike some other Linux container tooling, whose higher-level runtimes built on runc remain exposed to exploitation via a malicious image. This issue has been fixed in versions 1.3.6, 1.4.3 and 1.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T00:02:08.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-xjvp-4fhw-gc47",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-xjvp-4fhw-gc47"
},
{
"name": "https://github.com/opencontainers/runc/commit/864db8042dbb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/864db8042dbb"
}
],
"source": {
"advisory": "GHSA-xjvp-4fhw-gc47",
"discovery": "UNKNOWN"
},
"title": "runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41579",
"datePublished": "2026-07-01T00:02:08.639Z",
"dateReserved": "2026-04-21T14:15:21.958Z",
"dateUpdated": "2026-07-01T13:35:41.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3840 (GCVE-0-2026-3840)
Vulnerability from nvd – Published: 2026-06-12 15:45 – Updated: 2026-06-12 17:20
VLAI
Title
Path Traversal in kedro-org/kedro
Summary
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and access files outside the expected path. The issue is also reachable through the CLI via the `--load-versions` parameter, as `_split_load_versions()` in `kedro/framework/cli/utils.py` does not validate the version string. This vulnerability can lead to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kedro-org | kedro-org/kedro |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3840",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T17:20:38.188127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T17:20:41.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/156dead0-1ad5-487f-b7f5-84e707277f76"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kedro-org/kedro",
"vendor": "kedro-org",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and access files outside the expected path. The issue is also reachable through the CLI via the `--load-versions` parameter, as `_split_load_versions()` in `kedro/framework/cli/utils.py` does not validate the version string. This vulnerability can lead to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:45:39.873Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/156dead0-1ad5-487f-b7f5-84e707277f76"
}
],
"source": {
"advisory": "156dead0-1ad5-487f-b7f5-84e707277f76",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in kedro-org/kedro"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-3840",
"datePublished": "2026-06-12T15:45:39.873Z",
"dateReserved": "2026-03-09T16:04:48.887Z",
"dateUpdated": "2026-06-12T17:20:41.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44477 (GCVE-0-2026-44477)
Vulnerability from nvd – Published: 2026-05-28 15:46 – Updated: 2026-07-03 12:05
VLAI
Title
CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Summary
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/cloudnative-pg/cloudnative-pg/… | x_refsource_CONFIRM |
| https://github.com/cloudnative-pg/cloudnative-pg/… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-44477 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2482763 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudnative-pg | cloudnative-pg |
Affected:
< 1.28.3
Affected: >= 1.29.0, < 1.29.1 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T17:28:36.663338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:28:44.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-28T15:46:12.241Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in CloudNativePG\u0027s metrics exporter. The issue arises because the metrics exporter connected to PostgreSQL using a highly privileged account and did not properly restrict privileges during monitoring operations. A low-privileged database user could exploit this behavior through crafted monitoring queries or PostgreSQL object resolution manipulation to regain PostgreSQL superuser privileges and potentially execute arbitrary operating system commands as the postgres user inside the affected database pod."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:05:13.014Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-44477"
},
{
"name": "RHBZ#2482763",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482763"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44477.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T17:01:09.448Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-28T15:46:12.241Z",
"value": "Made public."
}
],
"title": "github.com/cloudnative-pg/cloudnative-pg: CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE",
"workarounds": [
{
"lang": "en",
"value": "- Avoid using unqualified identifiers in custom monitoring queries\n- Restrict ownership of user-controlled schemas and database objects\n- Avoid unnecessary exposure of monitoring query configuration to untrusted users\n- Avoid using broad monitoring configurations such as: ``` target_databases: \u0027*\u0027 ``` unless all databases and users are trusted."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "cloudnative-pg",
"vendor": "cloudnative-pg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.28.3"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T15:46:12.241Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-fr39",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-fr39"
},
{
"name": "https://github.com/cloudnative-pg/cloudnative-pg/pull/10576",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cloudnative-pg/cloudnative-pg/pull/10576"
}
],
"source": {
"advisory": "GHSA-423p-g724-fr39",
"discovery": "UNKNOWN"
},
"title": "CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44477",
"datePublished": "2026-05-28T15:46:12.241Z",
"dateReserved": "2026-05-06T17:18:51.782Z",
"dateUpdated": "2026-07-03T12:05:13.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44247 (GCVE-0-2026-44247)
Vulnerability from nvd – Published: 2026-05-27 20:56 – Updated: 2026-05-30 01:50
VLAI
Title
Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size
Summary
Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. This vulnerability is fixed in v1.14.2, v1.13.3, and v1.12.4.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/volcano-sh/volcano/security/ad… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| volcano-sh | volcano |
Affected:
>= 1.14.0-alpha.0, < 1.14.2
Affected: >= 1.13.0, < 1.13.3 Affected: < 1.12.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T01:50:29.251207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T01:50:43.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "volcano",
"vendor": "volcano-sh",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.14.0-alpha.0, \u003c 1.14.2"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.3"
},
{
"status": "affected",
"version": "\u003c 1.12.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. This vulnerability is fixed in v1.14.2, v1.13.3, and v1.12.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T20:56:47.220Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/volcano-sh/volcano/security/advisories/GHSA-8wxp-xxp2-rcgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/volcano-sh/volcano/security/advisories/GHSA-8wxp-xxp2-rcgx"
}
],
"source": {
"advisory": "GHSA-8wxp-xxp2-rcgx",
"discovery": "UNKNOWN"
},
"title": "Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44247",
"datePublished": "2026-05-27T20:56:47.220Z",
"dateReserved": "2026-05-05T16:33:55.844Z",
"dateUpdated": "2026-05-30T01:50:43.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44374 (GCVE-0-2026-44374)
Vulnerability from nvd – Published: 2026-05-14 14:30 – Updated: 2026-05-14 19:51
VLAI
Title
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
Summary
Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. This is patched in @backstage/plugin-catalog-backend-module-unprocessed version 0.6.11, @backstage/plugin-catalog-unprocessed-entities-common version 0.0.15 and @backstage/plugin-catalog-unprocessed-entities version 0.2.30.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/backstage/backstage/security/a… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| @backstage | plugin-catalog-backend-module-unprocessed |
Affected:
< 0.6.11
|
|
| @backstage | plugin-catalog-unprocessed-entities |
Affected:
< 0.2.30
|
|
| @backstage | plugin-catalog-unprocessed-entities-common |
Affected:
< 0.0.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:02:43.037594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:51:53.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plugin-catalog-backend-module-unprocessed",
"vendor": "@backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.11"
}
]
},
{
"product": "plugin-catalog-unprocessed-entities",
"vendor": "@backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.30"
}
]
},
{
"product": "plugin-catalog-unprocessed-entities-common",
"vendor": "@backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. This is patched in @backstage/plugin-catalog-backend-module-unprocessed version 0.6.11, @backstage/plugin-catalog-unprocessed-entities-common version 0.0.15 and @backstage/plugin-catalog-unprocessed-entities version 0.2.30."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T14:30:04.945Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/backstage/backstage/security/advisories/GHSA-p7g9-rp3g-mgfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-p7g9-rp3g-mgfg"
}
],
"source": {
"advisory": "GHSA-p7g9-rp3g-mgfg",
"discovery": "UNKNOWN"
},
"title": "Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44374",
"datePublished": "2026-05-14T14:30:04.945Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T19:51:53.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45321 (GCVE-0-2026-45321)
Vulnerability from nvd – Published: 2026-05-12 00:12 – Updated: 2026-05-28 03:55Title
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Severity
9.6 (Critical)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-506 - Embedded Malicious Code
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/TanStack/router/security/advis… | x_refsource_CONFIRM |
| https://github.com/TanStack/router/issues/7383 | x_refsource_MISC |
| https://tanstack.com/blog/npm-supply-chain-compro… | x_refsource_MISC |
| https://www.stepsecurity.io/blog/mini-shai-hulud-… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
42 products
| Vendor | Product | Version | |
|---|---|---|---|
| @tanstack | arktype-adapter |
Affected:
1.166.12
Affected: 1.166.15 |
|
| @tanstack | eslint-plugin-router |
Affected:
1.161.9
Affected: 1.161.12 |
|
| @tanstack | eslint-plugin-start |
Affected:
0.0.4
Affected: 0.0.7 |
|
| @tanstack | history |
Affected:
1.161.9
Affected: 1.161.12 |
|
| @tanstack | nitro-v2-vite-plugin |
Affected:
1.154.12
Affected: 1.154.15 |
|
| @tanstack | react-router |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | react-router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | react-router-ssr-query |
Affected:
1.166.15
Affected: 1.166.18 |
|
| @tanstack | react-start |
Affected:
1.167.68
Affected: 1.167.71 |
|
| @tanstack | react-start-client |
Affected:
1.166.51
Affected: 1.166.54 |
|
| @tanstack | react-start-rsc |
Affected:
0.0.47
Affected: 0.0.50 |
|
| @tanstack | react-start-server |
Affected:
1.166.55
Affected: 1.166.58 |
|
| @tanstack | router-cli |
Affected:
1.166.46
Affected: 1.166.49 |
|
| @tanstack | router-core |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | router-devtools-core |
Affected:
1.167.6
Affected: 1.167.9 |
|
| @tanstack | router-generator |
Affected:
1.166.45
Affected: 1.166.48 |
|
| @tanstack | router-plugin |
Affected:
1.167.38
Affected: 1.167.41 |
|
| @tanstack | router-ssr-query-core |
Affected:
1.168.3
Affected: 1.168.6 |
|
| @tanstack | router-utils |
Affected:
1.161.11
Affected: 1.161.14 |
|
| @tanstack | outer-vite-plugin |
Affected:
1.166.53
Affected: 1.166.56 |
|
| @tanstack | solid-router |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | solid-router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | solid-router-ssr-query |
Affected:
1.166.15
Affected: 1.166.18 |
|
| @tanstack | solid-start |
Affected:
1.167.65
Affected: 1.167.68 |
|
| @tanstack | solid-start-client |
Affected:
1.166.50
Affected: 1.166.53 |
|
| @tanstack | solid-start-server |
Affected:
1.166.54
Affected: 1.166.57 |
|
| @tanstack | start-client-core |
Affected:
1.168.5
Affected: 1.168.8 |
|
| @tanstack | start-fn-stubs |
Affected:
1.161.9
Affected: 1.161.12 |
|
| @tanstack | start-plugin-core |
Affected:
1.169.23
Affected: 1.169.26 |
|
| @tanstack | start-server-core |
Affected:
1.167.33
Affected: 1.167.36 |
|
| @tanstack | start-static-server-functions |
Affected:
1.166.44
Affected: 1.166.47 |
|
| @tanstack | start-storage-context |
Affected:
1.166.38
Affected: 1.166.41 |
|
| @tanstack | valibot-adapter |
Affected:
1.166.12
Affected: 1.166.15 |
|
| @tanstack | virtual-file-routes |
Affected:
1.161.10
Affected: 1.161.13 |
|
| @tanstack | vue-router |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | vue-router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | vue-router-ssr-query |
Affected:
1.166.15
Affected: 1.166.18 |
|
| @tanstack | vue-start |
Affected:
1.167.61
Affected: 1.167.64 |
|
| @tanstack | vue-start-client |
Affected:
1.166.46
Affected: 1.166.49 |
|
| @tanstack | vue-start-server |
Affected:
1.166.50
Affected: 1.166.53 |
|
| @tanstack | zod-adapter |
Affected:
1.166.12
Affected: 1.166.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45321",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T03:55:26.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-27T00:00:00.000Z",
"value": "CVE-2026-45321 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arktype-adapter",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.12"
},
{
"status": "affected",
"version": "1.166.15"
}
]
},
{
"product": "eslint-plugin-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.9"
},
{
"status": "affected",
"version": "1.161.12"
}
]
},
{
"product": "eslint-plugin-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "0.0.4"
},
{
"status": "affected",
"version": "0.0.7"
}
]
},
{
"product": "history",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.9"
},
{
"status": "affected",
"version": "1.161.12"
}
]
},
{
"product": "nitro-v2-vite-plugin",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.154.12"
},
{
"status": "affected",
"version": "1.154.15"
}
]
},
{
"product": "react-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "react-router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "react-router-ssr-query",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.15"
},
{
"status": "affected",
"version": "1.166.18"
}
]
},
{
"product": "react-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.68"
},
{
"status": "affected",
"version": "1.167.71"
}
]
},
{
"product": "react-start-client",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.51"
},
{
"status": "affected",
"version": "1.166.54"
}
]
},
{
"product": "react-start-rsc",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "0.0.47"
},
{
"status": "affected",
"version": "0.0.50"
}
]
},
{
"product": "react-start-server",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.55"
},
{
"status": "affected",
"version": "1.166.58"
}
]
},
{
"product": "router-cli",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.46"
},
{
"status": "affected",
"version": "1.166.49"
}
]
},
{
"product": "router-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "router-devtools-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.6"
},
{
"status": "affected",
"version": "1.167.9"
}
]
},
{
"product": "router-generator",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.45"
},
{
"status": "affected",
"version": "1.166.48"
}
]
},
{
"product": "router-plugin",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.38"
},
{
"status": "affected",
"version": "1.167.41"
}
]
},
{
"product": "router-ssr-query-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.168.3"
},
{
"status": "affected",
"version": "1.168.6"
}
]
},
{
"product": "router-utils",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.11"
},
{
"status": "affected",
"version": "1.161.14"
}
]
},
{
"product": "outer-vite-plugin",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.53"
},
{
"status": "affected",
"version": "1.166.56"
}
]
},
{
"product": "solid-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "solid-router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "solid-router-ssr-query",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.15"
},
{
"status": "affected",
"version": "1.166.18"
}
]
},
{
"product": "solid-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.65"
},
{
"status": "affected",
"version": "1.167.68"
}
]
},
{
"product": "solid-start-client",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.50"
},
{
"status": "affected",
"version": "1.166.53"
}
]
},
{
"product": "solid-start-server",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.54"
},
{
"status": "affected",
"version": "1.166.57"
}
]
},
{
"product": "start-client-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.168.5"
},
{
"status": "affected",
"version": "1.168.8"
}
]
},
{
"product": "start-fn-stubs",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.9"
},
{
"status": "affected",
"version": "1.161.12"
}
]
},
{
"product": "start-plugin-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.23"
},
{
"status": "affected",
"version": "1.169.26"
}
]
},
{
"product": "start-server-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.33"
},
{
"status": "affected",
"version": "1.167.36"
}
]
},
{
"product": "start-static-server-functions",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.44"
},
{
"status": "affected",
"version": "1.166.47"
}
]
},
{
"product": "start-storage-context",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.38"
},
{
"status": "affected",
"version": "1.166.41"
}
]
},
{
"product": "valibot-adapter",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.12"
},
{
"status": "affected",
"version": "1.166.15"
}
]
},
{
"product": "virtual-file-routes",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.10"
},
{
"status": "affected",
"version": "1.161.13"
}
]
},
{
"product": "vue-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "vue-router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "vue-router-ssr-query",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.15"
},
{
"status": "affected",
"version": "1.166.18"
}
]
},
{
"product": "vue-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.61"
},
{
"status": "affected",
"version": "1.167.64"
}
]
},
{
"product": "vue-start-client",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.46"
},
{
"status": "affected",
"version": "1.166.49"
}
]
},
{
"product": "vue-start-server",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.50"
},
{
"status": "affected",
"version": "1.166.53"
}
]
},
{
"product": "zod-adapter",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.12"
},
{
"status": "affected",
"version": "1.166.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "CWE-506: Embedded Malicious Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T15:16:17.354Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx"
},
{
"name": "https://github.com/TanStack/router/issues/7383",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TanStack/router/issues/7383"
},
{
"name": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem",
"tags": [
"x_refsource_MISC"
],
"url": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem"
},
{
"name": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
}
],
"source": {
"advisory": "GHSA-g7cv-rxg3-hmpx",
"discovery": "UNKNOWN"
},
"title": "Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45321",
"datePublished": "2026-05-12T00:12:35.452Z",
"dateReserved": "2026-05-11T20:50:30.539Z",
"dateUpdated": "2026-05-28T03:55:26.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41491 (GCVE-0-2026-41491)
Vulnerability from nvd – Published: 2026-05-08 13:11 – Updated: 2026-05-08 13:58
VLAI
Title
Dapr: Service Invocation path traversal ACL bypass
Summary
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dapr/dapr/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/dapr/dapr/pull/9589 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T13:58:49.341365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:58:57.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dapr",
"vendor": "dapr",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.15.14"
},
{
"status": "affected",
"version": "\u003e= 1.16.0-rc.1, \u003c 1.16.14"
},
{
"status": "affected",
"version": "\u003e= 1.17.0-rc.1, \u003c 1.17.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:11:13.128Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463"
},
{
"name": "https://github.com/dapr/dapr/pull/9589",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dapr/dapr/pull/9589"
}
],
"source": {
"advisory": "GHSA-85gx-3qv6-4463",
"discovery": "UNKNOWN"
},
"title": "Dapr: Service Invocation path traversal ACL bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41491",
"datePublished": "2026-05-08T13:11:13.128Z",
"dateReserved": "2026-04-20T16:14:19.008Z",
"dateUpdated": "2026-05-08T13:58:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37532 (GCVE-0-2026-37532)
Vulnerability from nvd – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI
Summary
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-126 - Buffer Over-read
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:33:10.186601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:17.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, \u0026data[1], payload_length) reads up to 8 bytes past the end of the data buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:29:06.245Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37532",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:17.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37531 (GCVE-0-2026-37531)
Vulnerability from nvd – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI
Summary
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:34:07.709953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:23.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:28:33.371Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/src/app-framework-main"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37531",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:23.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37530 (GCVE-0-2026-37530)
Vulnerability from nvd – Published: 2026-05-01 00:00 – Updated: 2026-05-01 18:39
VLAI
Summary
AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-37530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T18:38:34.455726Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T18:39:04.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL agl-service-can-low-level thru 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:16:11.563Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37530",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T18:39:04.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37526 (GCVE-0-2026-37526)
Vulnerability from nvd – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI
Summary
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-284 - Improper Access Control
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:34:46.933336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:29.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:15:27.603Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/src/app-framework-binder"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37526",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:29.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53489 (GCVE-0-2026-53489)
Vulnerability from cvelistv5 – Published: 2026-07-01 18:10 – Updated: 2026-07-02 14:34
VLAI
Title
containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
Summary
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T14:34:14.152419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T14:34:50.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T18:10:41.802Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388"
}
],
"source": {
"advisory": "GHSA-rgh6-rfwx-v388",
"discovery": "UNKNOWN"
},
"title": "containerd: Arbitrary host CRI log file read via symlink following in CRI checkpoint restore"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53489",
"datePublished": "2026-07-01T18:10:41.802Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-02T14:34:50.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53492 (GCVE-0-2026-53492)
Vulnerability from cvelistv5 – Published: 2026-07-01 17:59 – Updated: 2026-07-02 12:50
VLAI
Title
containerd CRI checkpoint restore CDI annotation smuggling
Summary
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod's create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T12:50:36.308393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:50:43.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive rather than relying solely on the pod\u0027s create-time specification. This allows a user with pod creation permissions to bypass standard Kubernetes resource allocation and device plugin enforcement, injecting arbitrary CDI edits (such as device nodes and host mounts) into the restored container. Successful exploitation requires that the node has CDI enabled and contains a matching host CDI specification for the requested device; environments where CDI is disabled or lacking sensitive device specifications are not affected. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:59:12.552Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc"
}
],
"source": {
"advisory": "GHSA-33vj-92qq-66hc",
"discovery": "UNKNOWN"
},
"title": "containerd CRI checkpoint restore CDI annotation smuggling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53492",
"datePublished": "2026-07-01T17:59:12.552Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-02T12:50:43.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50195 (GCVE-0-2026-50195)
Vulnerability from cvelistv5 – Published: 2026-07-01 17:50 – Updated: 2026-07-01 18:32
VLAI
Title
containerd: CRI checkpoint import allows local image tag poisoning
Summary
containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node's local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker's malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod's identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 2.1.0, < 2.1.9
Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T18:32:22.918998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T18:32:29.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image\u0027s configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious image and assign it an arbitrary local tag, thereby poisoning the node\u0027s local image cache. Subsequently, if other pods on the same node attempt to use the poisoned tag with an IfNotPresent (or Never) pull policy, they will unknowingly execute the attacker\u0027s malicious image instead of the legitimate one. This can lead to a compromise of the affected pods, allowing the attacker to execute arbitrary code under the victim pod\u0027s identity. This issue has been fixed in versions 2.3.2, 2.2.5 and 2.1.9."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345: Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:50:53.072Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574"
}
],
"source": {
"advisory": "GHSA-cvxm-645q-p574",
"discovery": "UNKNOWN"
},
"title": "containerd: CRI checkpoint import allows local image tag poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50195",
"datePublished": "2026-07-01T17:50:53.072Z",
"dateReserved": "2026-06-03T22:05:13.645Z",
"dateUpdated": "2026-07-01T18:32:29.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47262 (GCVE-0-2026-47262)
Vulnerability from cvelistv5 – Published: 2026-07-01 17:48 – Updated: 2026-07-01 18:34
VLAI
Title
containerd image-triggered runtime DoS via unbounded group parsing
Summary
containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
>= 1.7.0, < 1.7.33
Affected: >= 2.0.0, < 2.0.10 Affected: >= 2.1.0, < 2.1.9 Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-47262",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T18:33:54.105358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T18:34:06.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.7.0, \u003c 1.7.33"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.10"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service (DoS) condition. When creating a container from this image, memory exhaustion occurs, leading to an Out Of Memory (OOM) kill of the containerd process. This renders the container runtime API unavailable and can disrupt clients such as the Docker Engine or Kubernetes control-plane components. This issue has been fixed in versions 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:48:43.205Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq"
}
],
"source": {
"advisory": "GHSA-jpcc-p29g-p8mq",
"discovery": "UNKNOWN"
},
"title": "containerd image-triggered runtime DoS via unbounded group parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-47262",
"datePublished": "2026-07-01T17:48:43.205Z",
"dateReserved": "2026-05-18T23:03:37.229Z",
"dateUpdated": "2026-07-01T18:34:06.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46680 (GCVE-0-2026-46680)
Vulnerability from cvelistv5 – Published: 2026-07-01 17:40 – Updated: 2026-07-03 03:56
VLAI
Title
containerd user ID handling bypass allows runAsNonRoot evasion
Summary
containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
< 1.7.32
Affected: >= 2.0.4, < 2.0.9 Affected: >= 2.0.10, < 2.2.4 Affected: >= 2.2.5, < 2.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:06.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.32"
},
{
"status": "affected",
"version": "\u003e= 2.0.4, \u003c 2.0.9"
},
{
"status": "affected",
"version": "\u003e= 2.0.10, \u003c 2.2.4"
},
{
"status": "affected",
"version": "\u003e= 2.2.5, \u003c 2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In versions prior to 1.7.32, 2.0.9, 2.2.4 and 2.3.1, containers launched with a numeric User directive that cannot be parsed as a 32-bit integer are incorrectly treated as a username, leading to runAsNonRoot evasion. If a crafted image provides an /etc/passwd file mapping this large numeric string to root, the container ultimately runs as root (UID 0). This allows the Kubernetes runAsNonRoot restriction to be bypassed, causing unexpected behavior for environments that require containers to run as a non-root user. This issue has been fixed in versions 1.7.32, 2.0.9, 2.2.4 and 2.3.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:40:25.499Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-fqw6-gf59-qr4w"
}
],
"source": {
"advisory": "GHSA-fqw6-gf59-qr4w",
"discovery": "UNKNOWN"
},
"title": "containerd user ID handling bypass allows runAsNonRoot evasion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46680",
"datePublished": "2026-07-01T17:40:25.499Z",
"dateReserved": "2026-05-15T21:46:51.547Z",
"dateUpdated": "2026-07-03T03:56:06.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-53488 (GCVE-0-2026-53488)
Vulnerability from cvelistv5 – Published: 2026-07-01 00:11 – Updated: 2026-07-03 03:56
VLAI
Title
containerd CRI plugin: — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
Summary
containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
< 1.7.33
Affected: >= 2.0.0, < 2.0.10 Affected: >= 2.1.0, < 2.1.9 Affected: >= 2.2.0, < 2.2.5 Affected: >= 2.3.0, < 2.3.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-53488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:07.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.33"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.0.10"
},
{
"status": "affected",
"version": "\u003e= 2.1.0, \u003c 2.1.9"
},
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.2.5"
},
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c 2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. In versions prior to 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10 the CRI plugin propagates labels from an image config (LABEL instruction in Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host, via a plugin that consumes container labels for some operations. This issue has been fixed in versions 1.7.33, 2.3.2, 2.2.5, 2.1.9, and 2.0.10."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T00:11:20.610Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"source": {
"advisory": "GHSA-xhf5-7wjv-pqxp",
"discovery": "UNKNOWN"
},
"title": "containerd CRI plugin: \u2014 image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-53488",
"datePublished": "2026-07-01T00:11:20.610Z",
"dateReserved": "2026-06-09T17:05:25.059Z",
"dateUpdated": "2026-07-03T03:56:07.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41579 (GCVE-0-2026-41579)
Vulnerability from cvelistv5 – Published: 2026-07-01 00:02 – Updated: 2026-07-01 13:35
VLAI
Title
runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations
Summary
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names and targets in an arbitrary pre-existing host directory. This issue is not exploitable under Docker, because Docker creates a top-level read-only layer that masks any malicious /dev symlink present in the container image — unlike some other Linux container tooling, whose higher-level runtimes built on runc remain exposed to exploitation via a malicious image. This issue has been fixed in versions 1.3.6, 1.4.3 and 1.5.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/opencontainers/runc/security/a… | x_refsource_CONFIRM |
| https://github.com/opencontainers/runc/commit/864… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opencontainers | runc |
Affected:
< 1.3.6
Affected: >= 1.4.0-rc.1, < 1.4.3 Affected: >= 1.5.0-rc.1, < 1.5.0-rc.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41579",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:34:05.348945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T13:35:41.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "runc",
"vendor": "opencontainers",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.6"
},
{
"status": "affected",
"version": "\u003e= 1.4.0-rc.1, \u003c 1.4.3"
},
{
"status": "affected",
"version": "\u003e= 1.5.0-rc.1, \u003c 1.5.0-rc.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join string which allow an image with /dev as a symlink to trick runc into deleting files called ptmx on the host or creating a hardcoded set of symlinks with specific names and targets in an arbitrary pre-existing host directory. This issue is not exploitable under Docker, because Docker creates a top-level read-only layer that masks any malicious /dev\u00a0symlink present in the container image \u2014 unlike some other Linux container tooling, whose higher-level runtimes built on runc remain exposed to exploitation via a malicious image. This issue has been fixed in versions 1.3.6, 1.4.3 and 1.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T00:02:08.639Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-xjvp-4fhw-gc47",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-xjvp-4fhw-gc47"
},
{
"name": "https://github.com/opencontainers/runc/commit/864db8042dbb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/864db8042dbb"
}
],
"source": {
"advisory": "GHSA-xjvp-4fhw-gc47",
"discovery": "UNKNOWN"
},
"title": "runc: Malicious image with /dev symlink can trigger limited host filesystem integrity violations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41579",
"datePublished": "2026-07-01T00:02:08.639Z",
"dateReserved": "2026-04-21T14:15:21.958Z",
"dateUpdated": "2026-07-01T13:35:41.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3840 (GCVE-0-2026-3840)
Vulnerability from cvelistv5 – Published: 2026-06-12 15:45 – Updated: 2026-06-12 17:20
VLAI
Title
Path Traversal in kedro-org/kedro
Summary
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and access files outside the expected path. The issue is also reachable through the CLI via the `--load-versions` parameter, as `_split_load_versions()` in `kedro/framework/cli/utils.py` does not validate the version string. This vulnerability can lead to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| kedro-org | kedro-org/kedro |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3840",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T17:20:38.188127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T17:20:41.923Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/156dead0-1ad5-487f-b7f5-84e707277f76"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kedro-org/kedro",
"vendor": "kedro-org",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and access files outside the expected path. The issue is also reachable through the CLI via the `--load-versions` parameter, as `_split_load_versions()` in `kedro/framework/cli/utils.py` does not validate the version string. This vulnerability can lead to unauthorized file reads, data poisoning, cross-project or cross-tenant data access, and broader downstream impacts in environments where Kedro is used with automation or orchestration layers."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:45:39.873Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/156dead0-1ad5-487f-b7f5-84e707277f76"
}
],
"source": {
"advisory": "156dead0-1ad5-487f-b7f5-84e707277f76",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in kedro-org/kedro"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2026-3840",
"datePublished": "2026-06-12T15:45:39.873Z",
"dateReserved": "2026-03-09T16:04:48.887Z",
"dateUpdated": "2026-06-12T17:20:41.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44477 (GCVE-0-2026-44477)
Vulnerability from cvelistv5 – Published: 2026-05-28 15:46 – Updated: 2026-07-03 12:05
VLAI
Title
CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
Summary
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/cloudnative-pg/cloudnative-pg/… | x_refsource_CONFIRM |
| https://github.com/cloudnative-pg/cloudnative-pg/… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2026-44477 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2482763 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudnative-pg | cloudnative-pg |
Affected:
< 1.28.3
Affected: >= 1.29.0, < 1.29.1 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T17:28:36.663338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T17:28:44.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-28T15:46:12.241Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in CloudNativePG\u0027s metrics exporter. The issue arises because the metrics exporter connected to PostgreSQL using a highly privileged account and did not properly restrict privileges during monitoring operations. A low-privileged database user could exploit this behavior through crafted monitoring queries or PostgreSQL object resolution manipulation to regain PostgreSQL superuser privileges and potentially execute arbitrary operating system commands as the postgres user inside the affected database pod."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:05:13.014Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-44477"
},
{
"name": "RHBZ#2482763",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482763"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44477.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T17:01:09.448Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-28T15:46:12.241Z",
"value": "Made public."
}
],
"title": "github.com/cloudnative-pg/cloudnative-pg: CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE",
"workarounds": [
{
"lang": "en",
"value": "- Avoid using unqualified identifiers in custom monitoring queries\n- Restrict ownership of user-controlled schemas and database objects\n- Avoid unnecessary exposure of monitoring query configuration to untrusted users\n- Avoid using broad monitoring configurations such as: ``` target_databases: \u0027*\u0027 ``` unless all databases and users are trusted."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "cloudnative-pg",
"vendor": "cloudnative-pg",
"versions": [
{
"status": "affected",
"version": "\u003c 1.28.3"
},
{
"status": "affected",
"version": "\u003e= 1.29.0, \u003c 1.29.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271: Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T15:46:12.241Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-fr39",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-fr39"
},
{
"name": "https://github.com/cloudnative-pg/cloudnative-pg/pull/10576",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cloudnative-pg/cloudnative-pg/pull/10576"
}
],
"source": {
"advisory": "GHSA-423p-g724-fr39",
"discovery": "UNKNOWN"
},
"title": "CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44477",
"datePublished": "2026-05-28T15:46:12.241Z",
"dateReserved": "2026-05-06T17:18:51.782Z",
"dateUpdated": "2026-07-03T12:05:13.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44247 (GCVE-0-2026-44247)
Vulnerability from cvelistv5 – Published: 2026-05-27 20:56 – Updated: 2026-05-30 01:50
VLAI
Title
Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size
Summary
Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. This vulnerability is fixed in v1.14.2, v1.13.3, and v1.12.4.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/volcano-sh/volcano/security/ad… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| volcano-sh | volcano |
Affected:
>= 1.14.0-alpha.0, < 1.14.2
Affected: >= 1.13.0, < 1.13.3 Affected: < 1.12.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44247",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T01:50:29.251207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T01:50:43.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "volcano",
"vendor": "volcano-sh",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.14.0-alpha.0, \u003c 1.14.2"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.3"
},
{
"status": "affected",
"version": "\u003c 1.12.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Volcano is a Kubernetes-native batch scheduling system. Prior to v1.14.2, v1.13.3, and v1.12.4, the Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook server exposed to in-cluster traffic are affected. This vulnerability is fixed in v1.14.2, v1.13.3, and v1.12.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T20:56:47.220Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/volcano-sh/volcano/security/advisories/GHSA-8wxp-xxp2-rcgx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/volcano-sh/volcano/security/advisories/GHSA-8wxp-xxp2-rcgx"
}
],
"source": {
"advisory": "GHSA-8wxp-xxp2-rcgx",
"discovery": "UNKNOWN"
},
"title": "Volcano: Webhook server vulnerable to OOM due to unbounded HTTP request body size"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44247",
"datePublished": "2026-05-27T20:56:47.220Z",
"dateReserved": "2026-05-05T16:33:55.844Z",
"dateUpdated": "2026-05-30T01:50:43.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44374 (GCVE-0-2026-44374)
Vulnerability from cvelistv5 – Published: 2026-05-14 14:30 – Updated: 2026-05-14 19:51
VLAI
Title
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
Summary
Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. This is patched in @backstage/plugin-catalog-backend-module-unprocessed version 0.6.11, @backstage/plugin-catalog-unprocessed-entities-common version 0.0.15 and @backstage/plugin-catalog-unprocessed-entities version 0.2.30.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/backstage/backstage/security/a… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| @backstage | plugin-catalog-backend-module-unprocessed |
Affected:
< 0.6.11
|
|
| @backstage | plugin-catalog-unprocessed-entities |
Affected:
< 0.2.30
|
|
| @backstage | plugin-catalog-unprocessed-entities-common |
Affected:
< 0.0.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T16:02:43.037594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:51:53.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plugin-catalog-backend-module-unprocessed",
"vendor": "@backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.11"
}
]
},
{
"product": "plugin-catalog-unprocessed-entities",
"vendor": "@backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.30"
}
]
},
{
"product": "plugin-catalog-unprocessed-entities-common",
"vendor": "@backstage",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting Backstage installations using this module. This is patched in @backstage/plugin-catalog-backend-module-unprocessed version 0.6.11, @backstage/plugin-catalog-unprocessed-entities-common version 0.0.15 and @backstage/plugin-catalog-unprocessed-entities version 0.2.30."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T14:30:04.945Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/backstage/backstage/security/advisories/GHSA-p7g9-rp3g-mgfg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-p7g9-rp3g-mgfg"
}
],
"source": {
"advisory": "GHSA-p7g9-rp3g-mgfg",
"discovery": "UNKNOWN"
},
"title": "Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44374",
"datePublished": "2026-05-14T14:30:04.945Z",
"dateReserved": "2026-05-05T20:15:20.631Z",
"dateUpdated": "2026-05-14T19:51:53.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45321 (GCVE-0-2026-45321)
Vulnerability from cvelistv5 – Published: 2026-05-12 00:12 – Updated: 2026-05-28 03:55Title
Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Summary
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes — a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process — to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart.
Severity
9.6 (Critical)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-506 - Embedded Malicious Code
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/TanStack/router/security/advis… | x_refsource_CONFIRM |
| https://github.com/TanStack/router/issues/7383 | x_refsource_MISC |
| https://tanstack.com/blog/npm-supply-chain-compro… | x_refsource_MISC |
| https://www.stepsecurity.io/blog/mini-shai-hulud-… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
42 products
| Vendor | Product | Version | |
|---|---|---|---|
| @tanstack | arktype-adapter |
Affected:
1.166.12
Affected: 1.166.15 |
|
| @tanstack | eslint-plugin-router |
Affected:
1.161.9
Affected: 1.161.12 |
|
| @tanstack | eslint-plugin-start |
Affected:
0.0.4
Affected: 0.0.7 |
|
| @tanstack | history |
Affected:
1.161.9
Affected: 1.161.12 |
|
| @tanstack | nitro-v2-vite-plugin |
Affected:
1.154.12
Affected: 1.154.15 |
|
| @tanstack | react-router |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | react-router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | react-router-ssr-query |
Affected:
1.166.15
Affected: 1.166.18 |
|
| @tanstack | react-start |
Affected:
1.167.68
Affected: 1.167.71 |
|
| @tanstack | react-start-client |
Affected:
1.166.51
Affected: 1.166.54 |
|
| @tanstack | react-start-rsc |
Affected:
0.0.47
Affected: 0.0.50 |
|
| @tanstack | react-start-server |
Affected:
1.166.55
Affected: 1.166.58 |
|
| @tanstack | router-cli |
Affected:
1.166.46
Affected: 1.166.49 |
|
| @tanstack | router-core |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | router-devtools-core |
Affected:
1.167.6
Affected: 1.167.9 |
|
| @tanstack | router-generator |
Affected:
1.166.45
Affected: 1.166.48 |
|
| @tanstack | router-plugin |
Affected:
1.167.38
Affected: 1.167.41 |
|
| @tanstack | router-ssr-query-core |
Affected:
1.168.3
Affected: 1.168.6 |
|
| @tanstack | router-utils |
Affected:
1.161.11
Affected: 1.161.14 |
|
| @tanstack | outer-vite-plugin |
Affected:
1.166.53
Affected: 1.166.56 |
|
| @tanstack | solid-router |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | solid-router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | solid-router-ssr-query |
Affected:
1.166.15
Affected: 1.166.18 |
|
| @tanstack | solid-start |
Affected:
1.167.65
Affected: 1.167.68 |
|
| @tanstack | solid-start-client |
Affected:
1.166.50
Affected: 1.166.53 |
|
| @tanstack | solid-start-server |
Affected:
1.166.54
Affected: 1.166.57 |
|
| @tanstack | start-client-core |
Affected:
1.168.5
Affected: 1.168.8 |
|
| @tanstack | start-fn-stubs |
Affected:
1.161.9
Affected: 1.161.12 |
|
| @tanstack | start-plugin-core |
Affected:
1.169.23
Affected: 1.169.26 |
|
| @tanstack | start-server-core |
Affected:
1.167.33
Affected: 1.167.36 |
|
| @tanstack | start-static-server-functions |
Affected:
1.166.44
Affected: 1.166.47 |
|
| @tanstack | start-storage-context |
Affected:
1.166.38
Affected: 1.166.41 |
|
| @tanstack | valibot-adapter |
Affected:
1.166.12
Affected: 1.166.15 |
|
| @tanstack | virtual-file-routes |
Affected:
1.161.10
Affected: 1.161.13 |
|
| @tanstack | vue-router |
Affected:
1.169.5
Affected: 1.169.8 |
|
| @tanstack | vue-router-devtools |
Affected:
1.166.16
Affected: 1.166.19 |
|
| @tanstack | vue-router-ssr-query |
Affected:
1.166.15
Affected: 1.166.18 |
|
| @tanstack | vue-start |
Affected:
1.167.61
Affected: 1.167.64 |
|
| @tanstack | vue-start-client |
Affected:
1.166.46
Affected: 1.166.49 |
|
| @tanstack | vue-start-server |
Affected:
1.166.50
Affected: 1.166.53 |
|
| @tanstack | zod-adapter |
Affected:
1.166.12
Affected: 1.166.15 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45321",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T03:55:26.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45321"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-27T00:00:00.000Z",
"value": "CVE-2026-45321 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "arktype-adapter",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.12"
},
{
"status": "affected",
"version": "1.166.15"
}
]
},
{
"product": "eslint-plugin-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.9"
},
{
"status": "affected",
"version": "1.161.12"
}
]
},
{
"product": "eslint-plugin-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "0.0.4"
},
{
"status": "affected",
"version": "0.0.7"
}
]
},
{
"product": "history",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.9"
},
{
"status": "affected",
"version": "1.161.12"
}
]
},
{
"product": "nitro-v2-vite-plugin",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.154.12"
},
{
"status": "affected",
"version": "1.154.15"
}
]
},
{
"product": "react-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "react-router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "react-router-ssr-query",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.15"
},
{
"status": "affected",
"version": "1.166.18"
}
]
},
{
"product": "react-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.68"
},
{
"status": "affected",
"version": "1.167.71"
}
]
},
{
"product": "react-start-client",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.51"
},
{
"status": "affected",
"version": "1.166.54"
}
]
},
{
"product": "react-start-rsc",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "0.0.47"
},
{
"status": "affected",
"version": "0.0.50"
}
]
},
{
"product": "react-start-server",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.55"
},
{
"status": "affected",
"version": "1.166.58"
}
]
},
{
"product": "router-cli",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.46"
},
{
"status": "affected",
"version": "1.166.49"
}
]
},
{
"product": "router-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "router-devtools-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.6"
},
{
"status": "affected",
"version": "1.167.9"
}
]
},
{
"product": "router-generator",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.45"
},
{
"status": "affected",
"version": "1.166.48"
}
]
},
{
"product": "router-plugin",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.38"
},
{
"status": "affected",
"version": "1.167.41"
}
]
},
{
"product": "router-ssr-query-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.168.3"
},
{
"status": "affected",
"version": "1.168.6"
}
]
},
{
"product": "router-utils",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.11"
},
{
"status": "affected",
"version": "1.161.14"
}
]
},
{
"product": "outer-vite-plugin",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.53"
},
{
"status": "affected",
"version": "1.166.56"
}
]
},
{
"product": "solid-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "solid-router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "solid-router-ssr-query",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.15"
},
{
"status": "affected",
"version": "1.166.18"
}
]
},
{
"product": "solid-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.65"
},
{
"status": "affected",
"version": "1.167.68"
}
]
},
{
"product": "solid-start-client",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.50"
},
{
"status": "affected",
"version": "1.166.53"
}
]
},
{
"product": "solid-start-server",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.54"
},
{
"status": "affected",
"version": "1.166.57"
}
]
},
{
"product": "start-client-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.168.5"
},
{
"status": "affected",
"version": "1.168.8"
}
]
},
{
"product": "start-fn-stubs",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.9"
},
{
"status": "affected",
"version": "1.161.12"
}
]
},
{
"product": "start-plugin-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.23"
},
{
"status": "affected",
"version": "1.169.26"
}
]
},
{
"product": "start-server-core",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.33"
},
{
"status": "affected",
"version": "1.167.36"
}
]
},
{
"product": "start-static-server-functions",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.44"
},
{
"status": "affected",
"version": "1.166.47"
}
]
},
{
"product": "start-storage-context",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.38"
},
{
"status": "affected",
"version": "1.166.41"
}
]
},
{
"product": "valibot-adapter",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.12"
},
{
"status": "affected",
"version": "1.166.15"
}
]
},
{
"product": "virtual-file-routes",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.161.10"
},
{
"status": "affected",
"version": "1.161.13"
}
]
},
{
"product": "vue-router",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.169.5"
},
{
"status": "affected",
"version": "1.169.8"
}
]
},
{
"product": "vue-router-devtools",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.16"
},
{
"status": "affected",
"version": "1.166.19"
}
]
},
{
"product": "vue-router-ssr-query",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.15"
},
{
"status": "affected",
"version": "1.166.18"
}
]
},
{
"product": "vue-start",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.167.61"
},
{
"status": "affected",
"version": "1.167.64"
}
]
},
{
"product": "vue-start-client",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.46"
},
{
"status": "affected",
"version": "1.166.49"
}
]
},
{
"product": "vue-start-server",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.50"
},
{
"status": "affected",
"version": "1.166.53"
}
]
},
{
"product": "zod-adapter",
"vendor": "@tanstack",
"versions": [
{
"status": "affected",
"version": "1.166.12"
},
{
"status": "affected",
"version": "1.166.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes \u2014 a pull_request_target \"Pwn Request\" misconfiguration, GitHub Actions cache poisoning across the fork\u2194base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process \u2014 to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-506",
"description": "CWE-506: Embedded Malicious Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T15:16:17.354Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TanStack/router/security/advisories/GHSA-g7cv-rxg3-hmpx"
},
{
"name": "https://github.com/TanStack/router/issues/7383",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TanStack/router/issues/7383"
},
{
"name": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem",
"tags": [
"x_refsource_MISC"
],
"url": "https://tanstack.com/blog/npm-supply-chain-compromise-postmortem"
},
{
"name": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.stepsecurity.io/blog/mini-shai-hulud-is-back-a-self-spreading-supply-chain-attack-hits-the-npm-ecosystem"
}
],
"source": {
"advisory": "GHSA-g7cv-rxg3-hmpx",
"discovery": "UNKNOWN"
},
"title": "Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45321",
"datePublished": "2026-05-12T00:12:35.452Z",
"dateReserved": "2026-05-11T20:50:30.539Z",
"dateUpdated": "2026-05-28T03:55:26.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41491 (GCVE-0-2026-41491)
Vulnerability from cvelistv5 – Published: 2026-05-08 13:11 – Updated: 2026-05-08 13:58
VLAI
Title
Dapr: Service Invocation path traversal ACL bypass
Summary
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dapr/dapr/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/dapr/dapr/pull/9589 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T13:58:49.341365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:58:57.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dapr",
"vendor": "dapr",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.15.14"
},
{
"status": "affected",
"version": "\u003e= 1.16.0-rc.1, \u003c 1.16.14"
},
{
"status": "affected",
"version": "\u003e= 1.17.0-rc.1, \u003c 1.17.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:11:13.128Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463"
},
{
"name": "https://github.com/dapr/dapr/pull/9589",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dapr/dapr/pull/9589"
}
],
"source": {
"advisory": "GHSA-85gx-3qv6-4463",
"discovery": "UNKNOWN"
},
"title": "Dapr: Service Invocation path traversal ACL bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41491",
"datePublished": "2026-05-08T13:11:13.128Z",
"dateReserved": "2026-04-20T16:14:19.008Z",
"dateUpdated": "2026-05-08T13:58:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}