CVE-2026-24402 (GCVE-0-2026-24402)

Vulnerability from cvelistv5 – Published: – Updated: 2026-01-24 00:27
VLAI?

GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment): > 4.2.6 CNAs SHOULD assign different CVE IDs to separate Vulnerabilities, as determined using the guidance in [4.1](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-1_Vulnerability_Determination). > 4.2.11 CNAs SHOULD assign different CVE IDs to different, Independently Fixable Vulnerabilities. You can move forward in one of two ways: - If you agree that this Security Advisory concerns more than one independently fixable vulnerability, split each vulnerability into its own advisory and request one CVE for each vulnerability. - If you do not agree that these vulnerabilities are independently fixable, resubmit the CVE request with a section clarifying how they are dependent and should have the same CVE. Thank you for making the open source ecosystem more secure by fixing and responsibly disclosing these vulnerabilities.

Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2026-01-24T00:27:07.708Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability.\r\n\r\nAccording to [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment):\r\n\r\n\u003e 4.2.6 CNAs SHOULD assign different CVE IDs to separate Vulnerabilities, as determined using the guidance in [4.1](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-1_Vulnerability_Determination).\r\n\r\n\u003e 4.2.11 CNAs SHOULD assign different CVE IDs to different, Independently Fixable Vulnerabilities.\r\n\r\nYou can move forward in one of two ways:\r\n\r\n- If you agree that this Security Advisory concerns more than one independently fixable vulnerability, split each vulnerability into its own advisory and request one CVE for each vulnerability.\r\n- If you do not agree that these vulnerabilities are independently fixable, resubmit the CVE request with a section clarifying how they are dependent and should have the same CVE.\r\n\r\nThank you for making the open source ecosystem more secure by fixing and responsibly disclosing these vulnerabilities."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24402",
    "dateRejected": "2026-01-24T00:27:07.708Z",
    "dateReserved": "2026-01-22T18:19:49.172Z",
    "dateUpdated": "2026-01-24T00:27:07.708Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-24402\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-24T01:15:50.543\",\"lastModified\":\"2026-01-24T01:15:50.543\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability.\\r\\n\\r\\nAccording to [rule 4.2.11 of the CVE CNA rules](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-2_CVE_ID_Assignment):\\r\\n\\r\\n\u003e 4.2.6 CNAs SHOULD assign different CVE IDs to separate Vulnerabilities, as determined using the guidance in [4.1](https://www.cve.org/ResourcesSupport/AllResources/CNARules#section_4-1_Vulnerability_Determination).\\r\\n\\r\\n\u003e 4.2.11 CNAs SHOULD assign different CVE IDs to different, Independently Fixable Vulnerabilities.\\r\\n\\r\\nYou can move forward in one of two ways:\\r\\n\\r\\n- If you agree that this Security Advisory concerns more than one independently fixable vulnerability, split each vulnerability into its own advisory and request one CVE for each vulnerability.\\r\\n- If you do not agree that these vulnerabilities are independently fixable, resubmit the CVE request with a section clarifying how they are dependent and should have the same CVE.\\r\\n\\r\\nThank you for making the open source ecosystem more secure by fixing and responsibly disclosing these vulnerabilities.\"}],\"metrics\":{},\"references\":[]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.