Search criteria
553 vulnerabilities by linuxfoundation
CVE-2026-41491 (GCVE-0-2026-41491)
Vulnerability from cvelistv5 – Published: 2026-05-08 13:11 – Updated: 2026-05-08 13:58
VLAI?
Title
Dapr: Service Invocation path traversal ACL bypass
Summary
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5.
Severity ?
8.1 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/dapr/dapr/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/dapr/dapr/pull/9589 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T13:58:49.341365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:58:57.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dapr",
"vendor": "dapr",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.15.14"
},
{
"status": "affected",
"version": "\u003e= 1.16.0-rc.1, \u003c 1.16.14"
},
{
"status": "affected",
"version": "\u003e= 1.17.0-rc.1, \u003c 1.17.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:11:13.128Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dapr/dapr/security/advisories/GHSA-85gx-3qv6-4463"
},
{
"name": "https://github.com/dapr/dapr/pull/9589",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dapr/dapr/pull/9589"
}
],
"source": {
"advisory": "GHSA-85gx-3qv6-4463",
"discovery": "UNKNOWN"
},
"title": "Dapr: Service Invocation path traversal ACL bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41491",
"datePublished": "2026-05-08T13:11:13.128Z",
"dateReserved": "2026-04-20T16:14:19.008Z",
"dateUpdated": "2026-05-08T13:58:57.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37525 (GCVE-0-2026-37525)
Vulnerability from cvelistv5 – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI?
Summary
AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_context_change_cred(&xreq->context, NULL) before dispatching an attacker-controlled API call via xapi->itf->call(xapi->closure, xreq). The NULL propagation chain through afb-context.c:110 (context->credentials = afb_cred_addref(NULL)) and afb-cred.c:163 (returns NULL when cred is NULL) confirms that credentials are zeroed before the target API executes. The attacker controls both api and verb parameters via JSON input, allowing execution of any registered API with a NULL credential context. APIs that rely on context->credentials for authorization decisions may fail open when receiving NULL credentials, enabling privilege escalation. This vulnerability was introduced in commit abbb4599f0b921c6f434b6bd02bcfb277eecf745 on 2018-02-14.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37525",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:35:21.065832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:35.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitly nullifies the request credentials by calling afb_context_change_cred(\u0026xreq-\u003econtext, NULL) before dispatching an attacker-controlled API call via xapi-\u003eitf-\u003ecall(xapi-\u003eclosure, xreq). The NULL propagation chain through afb-context.c:110 (context-\u003ecredentials = afb_cred_addref(NULL)) and afb-cred.c:163 (returns NULL when cred is NULL) confirms that credentials are zeroed before the target API executes. The attacker controls both api and verb parameters via JSON input, allowing execution of any registered API with a NULL credential context. APIs that rely on context-\u003ecredentials for authorization decisions may fail open when receiving NULL credentials, enabling privilege escalation. This vulnerability was introduced in commit abbb4599f0b921c6f434b6bd02bcfb277eecf745 on 2018-02-14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:14:35.776Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/src/app-framework-binder"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37525",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:35.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37531 (GCVE-0-2026-37531)
Vulnerability from cvelistv5 – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI?
Summary
AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:34:07.709953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:23.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:28:33.371Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/src/app-framework-main"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37531",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:23.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37532 (GCVE-0-2026-37532)
Vulnerability from cvelistv5 – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI?
Summary
AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer.
Severity ?
7.1 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:33:10.186601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:17.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, \u0026data[1], payload_length) reads up to 8 bytes past the end of the data buffer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:29:06.245Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-level"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37532",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:17.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-37526 (GCVE-0-2026-37526)
Vulnerability from cvelistv5 – Published: 2026-05-01 00:00 – Updated: 2026-05-01 19:45
VLAI?
Summary
AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29.
Severity ?
7.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T19:34:46.933336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T19:45:29.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T16:15:27.603Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gerrit.automotivelinux.org/gerrit/src/app-framework-binder"
},
{
"url": "https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-37526",
"datePublished": "2026-05-01T00:00:00.000Z",
"dateReserved": "2026-04-06T00:00:00.000Z",
"dateUpdated": "2026-05-01T19:45:29.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40923 (GCVE-0-2026-40923)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:50 – Updated: 2026-04-22 13:51
VLAI?
Title
Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. This vulnerability is fixed in 1.11.1.
Severity ?
5.4 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T13:50:48.955785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:51:13.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tekton/ internal paths by using .. path traversal components. The restriction check uses strings.HasPrefix without filepath.Clean, so a path like /tekton/home/../results passes validation but resolves to /tekton/results at runtime. This vulnerability is fixed in 1.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:50:53.742Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rx35-6rhx-7858"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-rx35-6rhx-7858",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40923",
"datePublished": "2026-04-21T20:50:53.742Z",
"dateReserved": "2026-04-15T20:40:15.517Z",
"dateUpdated": "2026-04-22T13:51:13.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40924 (GCVE-0-2026-40924)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:47 – Updated: 2026-04-22 13:21
VLAI?
Title
Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. This vulnerability is fixed in 1.11.1.
Severity ?
6.5 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40924",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T13:21:18.942819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T13:21:28.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver\u0027s FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response body within the 1-minute timeout window, causing the tekton-pipelines-resolvers pod to be OOM-killed by Kubernetes. Because all resolver types (Git, Hub, Bundle, Cluster, HTTP) run in the same pod, crashing this pod denies resolution service to the entire cluster. Repeated exploitation causes a sustained crash loop. The same vulnerable code path is reached by both the deprecated pkg/resolution/resolver/http and the current pkg/remoteresolution/resolver/http implementations. This vulnerability is fixed in 1.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:47:47.178Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-m2cx-gpqf-qf74"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-m2cx-gpqf-qf74",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40924",
"datePublished": "2026-04-21T20:47:47.178Z",
"dateReserved": "2026-04-15T20:40:15.517Z",
"dateUpdated": "2026-04-22T13:21:28.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40938 (GCVE-0-2026-40938)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:45 – Updated: 2026-04-22 18:36
VLAI?
Title
Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=<binary>. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1.
Severity ?
7.5 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40938",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-22T18:31:54.871943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T18:36:16.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver\u0027s revision parameter is passed directly as a positional argument to git fetch without any validation that it does not begin with a - character. Because git parses flags from mixed positional arguments, an attacker can inject arbitrary git fetch flags such as --upload-pack=\u003cbinary\u003e. Combined with the validateRepoURL function explicitly permitting URLs that begin with / (local filesystem paths), a tenant who can submit ResolutionRequest objects can chain these two behaviors to execute an arbitrary binary on the resolver pod. The tekton-pipelines-resolvers ServiceAccount holds cluster-wide get/list/watch on all Secrets, so code execution on the resolver pod enables full cluster-wide secret exfiltration. This vulnerability is fixed in 1.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:45:24.658Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-94jr-7pqp-xhcq"
},
{
"name": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/releases/tag/v1.11.1"
}
],
"source": {
"advisory": "GHSA-94jr-7pqp-xhcq",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40938",
"datePublished": "2026-04-21T20:45:24.658Z",
"dateReserved": "2026-04-15T20:40:15.518Z",
"dateUpdated": "2026-04-22T18:36:16.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40161 (GCVE-0-2026-40161)
Vulnerability from cvelistv5 – Published: 2026-04-21 16:26 – Updated: 2026-04-21 17:41
VLAI?
Title
Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint.
Severity ?
7.7 (High)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/issues/9608 | x_refsource_MISC |
| https://github.com/tektoncd/pipeline/issues/9609 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T17:41:32.164689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T17:41:38.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c= 1.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a user-controlled serverURL when the user omits the token parameter. A tenant with TaskRun or PipelineRun create permission can exfiltrate the shared API token (GitHub PAT, GitLab token, etc.) by pointing serverURL to an attacker-controlled endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:26:27.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-wjxp-xrpv-xpff"
},
{
"name": "https://github.com/tektoncd/pipeline/issues/9608",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/issues/9608"
},
{
"name": "https://github.com/tektoncd/pipeline/issues/9609",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/issues/9609"
}
],
"source": {
"advisory": "GHSA-wjxp-xrpv-xpff",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40161",
"datePublished": "2026-04-21T16:26:27.381Z",
"dateReserved": "2026-04-09T19:31:56.014Z",
"dateUpdated": "2026-04-21T17:41:38.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25542 (GCVE-0-2026-25542)
Vulnerability from cvelistv5 – Published: 2026-04-21 16:05 – Updated: 2026-04-21 16:48
VLAI?
Title
Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching
Summary
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply.
Severity ?
6.5 (Medium)
CWE
- CWE-185 - Incorrect Regular Expression
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/tektoncd/pipeline/security/adv… | x_refsource_CONFIRM |
| https://github.com/tektoncd/pipeline/commit/b8905… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T16:48:04.873157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:48:15.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pipeline",
"vendor": "tektoncd",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.43.0, \u003c= 1.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43.0 to 1.11.0, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-185",
"description": "CWE-185: Incorrect Regular Expression",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T16:05:43.217Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-rmx9-2pp3-xhcr"
},
{
"name": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tektoncd/pipeline/commit/b8905600322aa86327baae0a7c04d6cf1207362a"
}
],
"source": {
"advisory": "GHSA-rmx9-2pp3-xhcr",
"discovery": "UNKNOWN"
},
"title": "Tekton Pipelines: VerificationPolicy regex pattern bypass via substring matching"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25542",
"datePublished": "2026-04-21T16:05:43.217Z",
"dateReserved": "2026-02-02T19:59:47.375Z",
"dateUpdated": "2026-04-21T16:48:15.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32613 (GCVE-0-2026-32613)
Vulnerability from cvelistv5 – Published: 2026-04-20 20:07 – Updated: 2026-04-23 16:30
VLAI?
Title
Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling
Summary
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restricting that context to a set of trusted classes, but allowing FULL JVM access. This enabled a user to use arbitrary java classes which allow deep access to the system. This enabled the ability to invoke commands, access files, etc. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable echo entirely.
Severity ?
10 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/spinnaker/spinnaker/security/a… | x_refsource_CONFIRM |
| https://github.com/spinnaker/spinnaker/releases/t… | x_refsource_MISC |
| https://github.com/spinnaker/spinnaker/releases/t… | x_refsource_MISC |
| https://github.com/spinnaker/spinnaker/releases/t… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T03:56:18.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-23T16:30:05.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://zeropath.com/blog/spinnaker-rce-production-compromise"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "spinnaker",
"vendor": "spinnaker",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.0.1"
},
{
"status": "affected",
"version": "\u003c 2025.4.2"
},
{
"status": "affected",
"version": "\u003c 2025.3.2"
},
{
"status": "affected",
"version": "\u003c 2026.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restricting that context to a set of trusted classes, but allowing FULL JVM access. This enabled a user to use arbitrary java classes which allow deep access to the system. This enabled the ability to invoke commands, access files, etc. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable echo entirely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T20:08:54.702Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-69rw-45wj-g4v6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-69rw-45wj-g4v6"
},
{
"name": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2"
},
{
"name": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2"
},
{
"name": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1"
}
],
"source": {
"advisory": "GHSA-69rw-45wj-g4v6",
"discovery": "UNKNOWN"
},
"title": "Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32613",
"datePublished": "2026-04-20T20:07:24.697Z",
"dateReserved": "2026-03-12T14:54:24.271Z",
"dateUpdated": "2026-04-23T16:30:05.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-32604 (GCVE-0-2026-32604)
Vulnerability from cvelistv5 – Published: 2026-04-20 20:00 – Updated: 2026-04-23 16:28
VLAI?
Title
Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Summary
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable the gitrepo artifact types.
Severity ?
10 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/spinnaker/spinnaker/security/a… | x_refsource_CONFIRM |
| https://github.com/spinnaker/spinnaker/releases/t… | x_refsource_MISC |
| https://github.com/spinnaker/spinnaker/releases/t… | x_refsource_MISC |
| https://github.com/spinnaker/spinnaker/releases/t… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T03:56:17.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-23T16:28:39.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://zeropath.com/blog/spinnaker-rce-production-compromise"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "spinnaker",
"vendor": "spinnaker",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.0.1"
},
{
"status": "affected",
"version": "\u003c 2025.4.2"
},
{
"status": "affected",
"version": "\u003c 2025.3.2"
},
{
"status": "affected",
"version": "\u003c 2026.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain a patch. As a workaround, disable the gitrepo artifact types."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T20:07:31.157Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-x3j7-7pgj-h87r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/spinnaker/spinnaker/security/advisories/GHSA-x3j7-7pgj-h87r"
},
{
"name": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.3.2"
},
{
"name": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2025.4.2"
},
{
"name": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spinnaker/spinnaker/releases/tag/spinnaker-release-2026.0.1"
}
],
"source": {
"advisory": "GHSA-x3j7-7pgj-h87r",
"discovery": "UNKNOWN"
},
"title": "Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32604",
"datePublished": "2026-04-20T20:00:57.517Z",
"dateReserved": "2026-03-12T14:54:24.270Z",
"dateUpdated": "2026-04-23T16:28:39.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-39984 (GCVE-0-2026-39984)
Vulnerability from cvelistv5 – Published: 2026-04-14 23:41 – Updated: 2026-04-16 14:00
VLAI?
Title
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Summary
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6.
Severity ?
5.5 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/sigstore/timestamp-authority/s… | x_refsource_CONFIRM |
| https://github.com/sigstore/timestamp-authority/r… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| sigstore | timestamp-authority |
Affected:
< 2.0.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T14:00:42.548200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:00:55.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "timestamp-authority",
"vendor": "sigstore",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint checks in VerifyLeafCert uses the first non-CA certificate from the PKCS#7 certificate bag instead of the leaf certificate from the verified chain. An attacker can exploit this by prepending a forged certificate to the certificate bag while the message is signed with an authorized key, causing the library to validate the signature against one certificate but perform authorization checks against another. This vulnerability only affects users of the timestamp-authority/v2/pkg/verification package and does not affect the timestamp-authority service itself or sigstore-go. The issue has been fixed in version 2.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T23:41:47.909Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-xm5m-wgh2-rrg3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-xm5m-wgh2-rrg3"
},
{
"name": "https://github.com/sigstore/timestamp-authority/releases/tag/v2.0.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sigstore/timestamp-authority/releases/tag/v2.0.6"
}
],
"source": {
"advisory": "GHSA-xm5m-wgh2-rrg3",
"discovery": "UNKNOWN"
},
"title": "Sigstore Timestamp Authority has Improper Certificate Validation in verifier"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39984",
"datePublished": "2026-04-14T23:41:47.909Z",
"dateReserved": "2026-04-08T00:01:47.628Z",
"dateUpdated": "2026-04-16T14:00:55.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34045 (GCVE-0-2026-34045)
Vulnerability from cvelistv5 – Published: 2026-04-07 20:52 – Updated: 2026-04-08 15:44
VLAI?
Title
Podman Desktop WebView Server Exposed
Summary
Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2.
Severity ?
8.2 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/podman-desktop/podman-desktop/… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| podman-desktop | podman-desktop |
Affected:
< 1.26.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34045",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:44:06.218575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T15:44:10.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-2q88-39rh-gxvv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "podman-desktop",
"vendor": "podman-desktop",
"versions": [
{
"status": "affected",
"version": "\u003c 1.26.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T20:52:32.438Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-2q88-39rh-gxvv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/podman-desktop/podman-desktop/security/advisories/GHSA-2q88-39rh-gxvv"
}
],
"source": {
"advisory": "GHSA-2q88-39rh-gxvv",
"discovery": "UNKNOWN"
},
"title": "Podman Desktop WebView Server Exposed"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34045",
"datePublished": "2026-04-07T20:52:32.438Z",
"dateReserved": "2026-03-25T15:29:04.745Z",
"dateUpdated": "2026-04-08T15:44:10.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35171 (GCVE-0-2026-35171)
Vulnerability from cvelistv5 – Published: 2026-04-06 17:45 – Updated: 2026-04-07 15:10
VLAI?
Title
Arbitrary Code Execution via Malicious Logging Configuration in Kedro
Summary
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup. This is a critical remote code execution (RCE) vulnerability caused by unsafe use of logging.config.dictConfig() with user-controlled input. This vulnerability is fixed in 1.3.0.
Severity ?
9.8 (Critical)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/kedro-org/kedro/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T15:07:48.767240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:10:37.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kedro",
"vendor": "kedro-org",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special () key, which enables arbitrary callable instantiation. An attacker can exploit this to execute arbitrary system commands during application startup. This is a critical remote code execution (RCE) vulnerability caused by unsafe use of logging.config.dictConfig() with user-controlled input. This vulnerability is fixed in 1.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:45:45.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kedro-org/kedro/security/advisories/GHSA-9cqf-439c-j96r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-9cqf-439c-j96r"
}
],
"source": {
"advisory": "GHSA-9cqf-439c-j96r",
"discovery": "UNKNOWN"
},
"title": "Arbitrary Code Execution via Malicious Logging Configuration in Kedro"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35171",
"datePublished": "2026-04-06T17:45:45.664Z",
"dateReserved": "2026-04-01T17:26:21.133Z",
"dateUpdated": "2026-04-07T15:10:37.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35167 (GCVE-0-2026-35167)
Vulnerability from cvelistv5 – Published: 2026-04-06 17:43 – Updated: 2026-04-07 14:36
VLAI?
Title
Kedro has a path traversal in versioned dataset loading via unsanitized version string
Summary
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.
This is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0.
Severity ?
7.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kedro-org/kedro/security/advis… | x_refsource_CONFIRM |
| https://github.com/kedro-org/kedro/pull/5442 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:36:23.631547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:36:34.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kedro",
"vendor": "kedro-org",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned dataset directory.\nThis is reachable through multiple entry points: catalog.load(..., version=...), DataCatalog.from_config(..., load_versions=...), and the CLI via kedro run --load-versions=dataset:../../../secrets. An attacker who can influence the version string can force Kedro to load files from outside the intended version directory, enabling unauthorized file reads, data poisoning, or cross-tenant data access in shared environments. This vulnerability is fixed in 1.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:43:21.922Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kedro-org/kedro/security/advisories/GHSA-6326-w46w-ppjw"
},
{
"name": "https://github.com/kedro-org/kedro/pull/5442",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kedro-org/kedro/pull/5442"
}
],
"source": {
"advisory": "GHSA-6326-w46w-ppjw",
"discovery": "UNKNOWN"
},
"title": "Kedro has a path traversal in versioned dataset loading via unsanitized version string"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35167",
"datePublished": "2026-04-06T17:43:21.922Z",
"dateReserved": "2026-04-01T17:26:21.133Z",
"dateUpdated": "2026-04-07T14:36:34.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34992 (GCVE-0-2026-34992)
Vulnerability from cvelistv5 – Published: 2026-04-06 16:31 – Updated: 2026-04-07 14:10
VLAI?
Title
Missing Encryption of Sensitive Data in antrea.io/antrea
Summary
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2.
Severity ?
CWE
- CWE-311 - Missing Encryption of Sensitive Data
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/antrea-io/antrea/security/advi… | x_refsource_CONFIRM |
| https://github.com/antrea-io/antrea/pull/7757 | x_refsource_MISC |
| https://github.com/antrea-io/antrea/pull/7759 | x_refsource_MISC |
| https://github.com/antrea-io/antrea/commit/738bad… | x_refsource_MISC |
| https://github.com/antrea-io/antrea/blob/main/doc… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T14:10:43.927210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:10:53.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "antrea",
"vendor": "antrea-io",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.5"
},
{
"status": "affected",
"version": "\u003e= 2.5.0, \u003c 2.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-311",
"description": "CWE-311: Missing Encryption of Sensitive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:31:39.224Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/antrea-io/antrea/security/advisories/GHSA-qcmw-8mm4-4p28",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/antrea-io/antrea/security/advisories/GHSA-qcmw-8mm4-4p28"
},
{
"name": "https://github.com/antrea-io/antrea/pull/7757",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antrea-io/antrea/pull/7757"
},
{
"name": "https://github.com/antrea-io/antrea/pull/7759",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antrea-io/antrea/pull/7759"
},
{
"name": "https://github.com/antrea-io/antrea/commit/738bad662b20a5d358d19466936176ef580a9b07",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antrea-io/antrea/commit/738bad662b20a5d358d19466936176ef580a9b07"
},
{
"name": "https://github.com/antrea-io/antrea/blob/main/docs/traffic-encryption.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antrea-io/antrea/blob/main/docs/traffic-encryption.md"
}
],
"source": {
"advisory": "GHSA-qcmw-8mm4-4p28",
"discovery": "UNKNOWN"
},
"title": "Missing Encryption of Sensitive Data in antrea.io/antrea"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34992",
"datePublished": "2026-04-06T16:31:39.224Z",
"dateReserved": "2026-03-31T19:38:31.618Z",
"dateUpdated": "2026-04-07T14:10:53.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34447 (GCVE-0-2026-34447)
Vulnerability from cvelistv5 – Published: 2026-04-01 17:39 – Updated: 2026-04-01 19:14
VLAI?
Title
ONNX: External Data Symlink Traversal
Summary
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0.
Severity ?
5.5 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/onnx/onnx/security/advisories/… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34447",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:14:28.777731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:14:38.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "onnx",
"vendor": "onnx",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:39:38.129Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/onnx/onnx/security/advisories/GHSA-p433-9wv8-28xj"
}
],
"source": {
"advisory": "GHSA-p433-9wv8-28xj",
"discovery": "UNKNOWN"
},
"title": "ONNX: External Data Symlink Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34447",
"datePublished": "2026-04-01T17:39:38.129Z",
"dateReserved": "2026-03-27T18:18:14.894Z",
"dateUpdated": "2026-04-01T19:14:38.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34446 (GCVE-0-2026-34446)
Vulnerability from cvelistv5 – Published: 2026-04-01 17:37 – Updated: 2026-04-02 14:10
VLAI?
Title
ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load
Summary
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0.
Severity ?
4.7 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/onnx/onnx/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/onnx/onnx/commit/4755f8053928d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T14:10:29.172559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T14:10:36.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "onnx",
"vendor": "onnx",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, there is an issue in onnx.load, the code checks for symlinks to prevent path traversal, but completely misses hardlinks because a hardlink looks exactly like a regular file on the filesystem. This issue has been patched in version 1.21.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:37:54.737Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/onnx/onnx/security/advisories/GHSA-cmw6-hcpp-c6jp"
},
{
"name": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"
}
],
"source": {
"advisory": "GHSA-cmw6-hcpp-c6jp",
"discovery": "UNKNOWN"
},
"title": "ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34446",
"datePublished": "2026-04-01T17:37:54.737Z",
"dateReserved": "2026-03-27T18:18:14.894Z",
"dateUpdated": "2026-04-02T14:10:36.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27489 (GCVE-0-2026-27489)
Vulnerability from cvelistv5 – Published: 2026-04-01 17:33 – Updated: 2026-04-01 19:09
VLAI?
Title
ONNX: Path Traversal via Symlink
Summary
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0.
Severity ?
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/onnx/onnx/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/onnx/onnx/commit/4755f8053928d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27489",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T19:08:27.206936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T19:09:18.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "onnx",
"vendor": "onnx",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:33:51.281Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73"
},
{
"name": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb"
}
],
"source": {
"advisory": "GHSA-3r9x-f23j-gc73",
"discovery": "UNKNOWN"
},
"title": "ONNX: Path Traversal via Symlink"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27489",
"datePublished": "2026-04-01T17:33:51.281Z",
"dateReserved": "2026-02-19T19:46:03.541Z",
"dateUpdated": "2026-04-01T19:09:18.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-34445 (GCVE-0-2026-34445)
Vulnerability from cvelistv5 – Published: 2026-04-01 17:30 – Updated: 2026-04-01 18:00
VLAI?
Title
ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Summary
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn’t check if the "keys" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0.
Severity ?
8.6 (High)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/onnx/onnx/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/onnx/onnx/pull/7751 | x_refsource_MISC |
| https://github.com/onnx/onnx/commit/e30c6935d67cc… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T17:59:29.944812Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:00:14.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "onnx",
"vendor": "onnx",
"versions": [
{
"status": "affected",
"version": "\u003c 1.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python\u2019s setattr() function to load metadata (like file paths or data lengths) directly from an ONNX model file. It didn\u2019t check if the \"keys\" in the file were valid. Due to this, an attacker could craft a malicious model that overwrites internal object properties. This issue has been patched in version 1.21.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T17:30:19.994Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9"
},
{
"name": "https://github.com/onnx/onnx/pull/7751",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onnx/onnx/pull/7751"
},
{
"name": "https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/onnx/onnx/commit/e30c6935d67cc3eca2fa284e37248e7c0036c46b"
}
],
"source": {
"advisory": "GHSA-538c-55jv-c5g9",
"discovery": "UNKNOWN"
},
"title": "ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34445",
"datePublished": "2026-04-01T17:30:19.994Z",
"dateReserved": "2026-03-27T18:18:14.894Z",
"dateUpdated": "2026-04-01T18:00:14.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33701 (GCVE-0-2026-33701)
Vulnerability from cvelistv5 – Published: 2026-03-27 00:01 – Updated: 2026-03-27 13:52
VLAI?
Title
OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution
Summary
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution. All three of the following conditions must be true to exploit this vulnerability: First, OpenTelemetry Java instrumentation is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port` and is network-reachable. Third, gadget-chain-compatible library is present on the classpath. This results in arbitrary remote code execution with the privileges of the user running the instrumented JVM. For JDK >= 17, no action is required, but upgrading is strongly encouraged. For JDK < 17, upgrade to version 2.26.1 or later. As a workaround, set the system property `-Dotel.instrumentation.rmi.enabled=false` to disable the RMI integration.
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/open-telemetry/opentelemetry-j… | x_refsource_CONFIRM |
| https://github.com/open-telemetry/opentelemetry-j… | x_refsource_MISC |
| https://github.com/open-telemetry/opentelemetry-j… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| open-telemetry | opentelemetry-java-instrumentation |
Affected:
< 2.26.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33701",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:26:02.475553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T13:52:22.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opentelemetry-java-instrumentation",
"vendor": "open-telemetry",
"versions": [
{
"status": "affected",
"version": "\u003c 2.26.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.26.1, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this to potentially achieve remote code execution.\u00a0All three of the following conditions must be true to exploit this vulnerability: First, OpenTelemetry Java instrumentation is attached as a Java agent (`-javaagent`) on Java 16 or earlier. Second, JMX/RMI port has been explicitly configured via `-Dcom.sun.management.jmxremote.port` and is network-reachable. Third, gadget-chain-compatible library is present on the classpath. This results in arbitrary remote code execution with the privileges of the user running the instrumented JVM. For JDK \u003e= 17, no action is required, but upgrading is strongly encouraged. For JDK \u003c 17, upgrade to version 2.26.1 or later. As a workaround, set the system property `-Dotel.instrumentation.rmi.enabled=false` to disable the RMI integration."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T00:01:12.327Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-xw7x-h9fj-p2c7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/security/advisories/GHSA-xw7x-h9fj-p2c7"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/commit/9cf4fbaaa9e79226142b2ed42a6f6b4ac0be2197",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/commit/9cf4fbaaa9e79226142b2ed42a6f6b4ac0be2197"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v2.26.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/tag/v2.26.1"
}
],
"source": {
"advisory": "GHSA-xw7x-h9fj-p2c7",
"discovery": "UNKNOWN"
},
"title": "OpenTelemetry: Unsafe Deserialization in RMI Instrumentation may Lead to Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33701",
"datePublished": "2026-03-27T00:01:12.327Z",
"dateReserved": "2026-03-23T17:06:05.746Z",
"dateUpdated": "2026-03-27T13:52:22.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33015 (GCVE-0-2026-33015)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:42 – Updated: 2026-03-26 17:35
VLAI?
Title
EVerest has RemoteStop Bypass via BCB Toggle Session Restart
Summary
EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass operational/billing/safety controls. Version 2026.02.0 contains a patch.
Severity ?
5.2 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33015",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:35:04.423385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:35:07.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV\u0027s BCB toggle, allowing session restart. This breaks the irreversibility of remote stop and can bypass operational/billing/safety controls. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:42:50.695Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-pw9q-2287-cchc"
}
],
"source": {
"advisory": "GHSA-pw9q-2287-cchc",
"discovery": "UNKNOWN"
},
"title": "EVerest has RemoteStop Bypass via BCB Toggle Session Restart"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33015",
"datePublished": "2026-03-26T16:42:50.695Z",
"dateReserved": "2026-03-17T17:22:14.666Z",
"dateUpdated": "2026-03-26T17:35:07.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33014 (GCVE-0-2026-33014)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:40 – Updated: 2026-03-26 18:24
VLAI?
Title
EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop
Summary
EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition on PowerOff events. As a result, the transaction can remain open even after a remote stop. Version 2026.02.0 contains a patch.
Severity ?
5.2 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33014",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:48:02.431251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:24:11.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-43xm-5m3v-52hm"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition on PowerOff events. As a result, the transaction can remain open even after a remote stop. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:42:26.062Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-43xm-5m3v-52hm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-43xm-5m3v-52hm"
}
],
"source": {
"advisory": "GHSA-43xm-5m3v-52hm",
"discovery": "UNKNOWN"
},
"title": "EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33014",
"datePublished": "2026-03-26T16:40:40.062Z",
"dateReserved": "2026-03-17T17:22:14.665Z",
"dateUpdated": "2026-03-26T18:24:11.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33009 (GCVE-0-2026-33009)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:39 – Updated: 2026-03-28 02:26
VLAI?
Title
EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio
Summary
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` message and results in `Charger::shared_context` / `internal_context` accessed concurrently without lock. Version 2026.02.0 contains a patch.
Severity ?
8.2 (High)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33009",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T02:25:42.838839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T02:26:05.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connector}/cmd/switch_three_phases_while_charging` message and results in `Charger::shared_context` / `internal_context` accessed concurrently without lock. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:39:30.268Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-33qh-fg6f-jjx5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-33qh-fg6f-jjx5"
}
],
"source": {
"advisory": "GHSA-33qh-fg6f-jjx5",
"discovery": "UNKNOWN"
},
"title": "EVerest: MQTT Switch-Phases Command Data Race Causing Charger State Corruptio"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33009",
"datePublished": "2026-03-26T16:39:30.268Z",
"dateReserved": "2026-03-17T17:22:14.664Z",
"dateUpdated": "2026-03-28T02:26:05.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29044 (GCVE-0-2026-29044)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:37 – Updated: 2026-03-26 18:50
VLAI?
Title
EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted
Summary
EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, but no actual stop (StopTransaction) occurs in the Charging state. As a result, authorization withdrawal can be defeated by timing, allowing charging to continue. Version 2026.02.0 contains a patch.
Severity ?
5 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29044",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:49:53.120117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:50:00.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path ultimately calls `Charger::deauthorize()`, but no actual stop (StopTransaction) occurs in the Charging state. As a result, authorization withdrawal can be defeated by timing, allowing charging to continue. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:42:08.758Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-gx37-p775-qf5v"
}
],
"source": {
"advisory": "GHSA-gx37-p775-qf5v",
"discovery": "UNKNOWN"
},
"title": "EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29044",
"datePublished": "2026-03-26T16:37:33.230Z",
"dateReserved": "2026-03-03T17:50:11.243Z",
"dateUpdated": "2026-03-26T18:50:00.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27828 (GCVE-0-2026-27828)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:34 – Updated: 2026-03-27 14:43
VLAI?
Title
EVerest: ISO15118 session_setup use-after-free can crash EVSE process
Summary
EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T14:43:31.476136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T14:43:59.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address). The EVSE process can be crashed remotely by an attacker with MQTT access who issues a session_setup command while v2g_ctx has been released. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:41:54.931Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-5g3v-qc79-qqwr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-5g3v-qc79-qqwr"
}
],
"source": {
"advisory": "GHSA-5g3v-qc79-qqwr",
"discovery": "UNKNOWN"
},
"title": "EVerest: ISO15118 session_setup use-after-free can crash EVSE process"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27828",
"datePublished": "2026-03-26T16:34:23.623Z",
"dateReserved": "2026-02-24T02:32:39.800Z",
"dateUpdated": "2026-03-27T14:43:59.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27816 (GCVE-0-2026-27816)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:32 – Updated: 2026-03-26 18:24
VLAI?
Title
EVerest's ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state
Summary
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:48:28.483916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:24:18.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:33:57.619Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-gq54-j8f4-xj8c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-gq54-j8f4-xj8c"
}
],
"source": {
"advisory": "GHSA-gq54-j8f4-xj8c",
"discovery": "UNKNOWN"
},
"title": "EVerest\u0027s ISO15118 update_energy_transfer_modes overflow can corrupt EVSE state"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27816",
"datePublished": "2026-03-26T16:32:05.363Z",
"dateReserved": "2026-02-24T02:32:39.798Z",
"dateUpdated": "2026-03-26T18:24:18.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27815 (GCVE-0-2026-27815)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:30 – Updated: 2026-03-28 02:25
VLAI?
Title
EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state
Summary
EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-28T02:24:51.876893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-28T02:25:02.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking. With schema validation disabled by default, oversized MQTT Cmd payloads can trigger out-of-bounds writes and corrupt adjacent EVSE state or crash the process. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:31:34.779Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-7wmg-crc8-6xxf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-7wmg-crc8-6xxf"
}
],
"source": {
"advisory": "GHSA-7wmg-crc8-6xxf",
"discovery": "UNKNOWN"
},
"title": "EVerest: ISO15118 session_setup payment options overflow can corrupt EVSE state"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27815",
"datePublished": "2026-03-26T16:30:29.860Z",
"dateReserved": "2026-02-24T02:31:33.268Z",
"dateUpdated": "2026-03-28T02:25:02.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27814 (GCVE-0-2026-27814)
Vulnerability from cvelistv5 – Published: 2026-03-26 16:27 – Updated: 2026-03-26 18:50
VLAI?
Title
EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition
Summary
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch.
Severity ?
4.2 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/EVerest/EVerest/security/advis… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EVerest | everest-core |
Affected:
< 2026.02.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:50:27.710064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:50:34.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "everest-core",
"vendor": "EVerest",
"versions": [
{
"status": "affected",
"version": "\u003c 2026.02.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase \u2194 3-phase switch request (`ac_switch_three_phases_while_charging`) during charging/waiting executes concurrently with the state machine loop. Version 2026.02.0 contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T16:27:54.306Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/EVerest/EVerest/security/advisories/GHSA-5528-wc53-v557",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/EVerest/EVerest/security/advisories/GHSA-5528-wc53-v557"
}
],
"source": {
"advisory": "GHSA-5528-wc53-v557",
"discovery": "UNKNOWN"
},
"title": "EVerest EvseManager phase-switch path has unsynchronized shared-state access race condition"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27814",
"datePublished": "2026-03-26T16:27:54.306Z",
"dateReserved": "2026-02-24T02:31:33.268Z",
"dateUpdated": "2026-03-26T18:50:34.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}