CVE-2026-25547 (GCVE-0-2026-25547)
Vulnerability from cvelistv5 – Published: 2026-02-04 21:51 – Updated: 2026-02-05 14:31
Title
Uncontrolled Resource Consumption in @isaacs/brace-expansion
Summary
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/isaacs/brace-expansion/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| isaacs | brace-expansion | Affected: < 5.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:24:50.676205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:31:38.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "brace-expansion",
"vendor": "isaacs",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:51:17.198Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"source": {
"advisory": "GHSA-7h2j-956f-4vf2",
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Resource Consumption in @isaacs/brace-expansion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25547",
"datePublished": "2026-02-04T21:51:17.198Z",
"dateReserved": "2026-02-02T19:59:47.376Z",
"dateUpdated": "2026-02-05T14:31:38.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25547",
"date": "2026-06-15",
"epss": "0.00481",
"percentile": "0.37515"
}
}
}
SUSE-SU-2026:2363-1
Vulnerability from csaf_suse - Published: 2026-06-11 06:54 - Updated: 2026-06-11 06:54
Summary
Security update for cockpit
Severity
Important
Notes
Title of the patch: Security update for cockpit
Description of the patch: This update for cockpit fixes the following issues
- CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs UI (bsc#1265040).
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257838).
- CVE-2026-27606: rollup: Arbitrary File Write via Path Traversal in Rollup 4 (bsc#1258900).
- CVE-2026-27904: minimatch: nested *() extglobs can lead to regular expressions with exponential backtracking complexity and a ReDoS (bsc#1259015).
Patchnames: SUSE-2026-2363,SUSE-SLE-Micro-5.5-2026-2363
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Threats
Impact
important
7.5 (High)
Threats
Impact
important
8.8 (High)
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cockpit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cockpit fixes the following issues\n\n- CVE-2026-4802: remote command execution via unsanitized user-controlled parameters within crafted links in system logs\n UI (bsc#1265040).\n- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and\n may crash a Node.js process (bsc#1257838).\n- CVE-2026-27606: rollup: Arbitrary File Write via Path Traversal in Rollup 4 (bsc#1258900).\n- CVE-2026-27904: minimatch: nested *() extglobs can lead to regular expressions with exponential backtracking\n complexity and a ReDoS (bsc#1259015).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2363,SUSE-SLE-Micro-5.5-2026-2363",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2363-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2363-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262363-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2363-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047250.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257838",
"url": "https://bugzilla.suse.com/1257838"
},
{
"category": "self",
"summary": "SUSE Bug 1258900",
"url": "https://bugzilla.suse.com/1258900"
},
{
"category": "self",
"summary": "SUSE Bug 1259015",
"url": "https://bugzilla.suse.com/1259015"
},
{
"category": "self",
"summary": "SUSE Bug 1265040",
"url": "https://bugzilla.suse.com/1265040"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27904 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-4802 page",
"url": "https://www.suse.com/security/cve/CVE-2026-4802/"
}
],
"title": "Security update for cockpit",
"tracking": {
"current_release_date": "2026-06-11T06:54:18Z",
"generator": {
"date": "2026-06-11T06:54:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2363-1",
"initial_release_date": "2026-06-11T06:54:18Z",
"revision_history": [
{
"date": "2026-06-11T06:54:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cockpit-298-150500.3.12.1.aarch64",
"product": {
"name": "cockpit-298-150500.3.12.1.aarch64",
"product_id": "cockpit-298-150500.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "cockpit-bridge-298-150500.3.12.1.aarch64",
"product": {
"name": "cockpit-bridge-298-150500.3.12.1.aarch64",
"product_id": "cockpit-bridge-298-150500.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "cockpit-devel-298-150500.3.12.1.aarch64",
"product": {
"name": "cockpit-devel-298-150500.3.12.1.aarch64",
"product_id": "cockpit-devel-298-150500.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "cockpit-pcp-298-150500.3.12.1.aarch64",
"product": {
"name": "cockpit-pcp-298-150500.3.12.1.aarch64",
"product_id": "cockpit-pcp-298-150500.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "cockpit-ws-298-150500.3.12.1.aarch64",
"product": {
"name": "cockpit-ws-298-150500.3.12.1.aarch64",
"product_id": "cockpit-ws-298-150500.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-doc-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-doc-298-150500.3.12.1.noarch",
"product_id": "cockpit-doc-298-150500.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "cockpit-kdump-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-kdump-298-150500.3.12.1.noarch",
"product_id": "cockpit-kdump-298-150500.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "cockpit-networkmanager-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-networkmanager-298-150500.3.12.1.noarch",
"product_id": "cockpit-networkmanager-298-150500.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "cockpit-packagekit-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-packagekit-298-150500.3.12.1.noarch",
"product_id": "cockpit-packagekit-298-150500.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "cockpit-selinux-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-selinux-298-150500.3.12.1.noarch",
"product_id": "cockpit-selinux-298-150500.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "cockpit-storaged-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-storaged-298-150500.3.12.1.noarch",
"product_id": "cockpit-storaged-298-150500.3.12.1.noarch"
}
},
{
"category": "product_version",
"name": "cockpit-system-298-150500.3.12.1.noarch",
"product": {
"name": "cockpit-system-298-150500.3.12.1.noarch",
"product_id": "cockpit-system-298-150500.3.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-298-150500.3.12.1.ppc64le",
"product": {
"name": "cockpit-298-150500.3.12.1.ppc64le",
"product_id": "cockpit-298-150500.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cockpit-bridge-298-150500.3.12.1.ppc64le",
"product": {
"name": "cockpit-bridge-298-150500.3.12.1.ppc64le",
"product_id": "cockpit-bridge-298-150500.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cockpit-devel-298-150500.3.12.1.ppc64le",
"product": {
"name": "cockpit-devel-298-150500.3.12.1.ppc64le",
"product_id": "cockpit-devel-298-150500.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cockpit-pcp-298-150500.3.12.1.ppc64le",
"product": {
"name": "cockpit-pcp-298-150500.3.12.1.ppc64le",
"product_id": "cockpit-pcp-298-150500.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cockpit-ws-298-150500.3.12.1.ppc64le",
"product": {
"name": "cockpit-ws-298-150500.3.12.1.ppc64le",
"product_id": "cockpit-ws-298-150500.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-298-150500.3.12.1.s390x",
"product": {
"name": "cockpit-298-150500.3.12.1.s390x",
"product_id": "cockpit-298-150500.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "cockpit-bridge-298-150500.3.12.1.s390x",
"product": {
"name": "cockpit-bridge-298-150500.3.12.1.s390x",
"product_id": "cockpit-bridge-298-150500.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "cockpit-devel-298-150500.3.12.1.s390x",
"product": {
"name": "cockpit-devel-298-150500.3.12.1.s390x",
"product_id": "cockpit-devel-298-150500.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "cockpit-pcp-298-150500.3.12.1.s390x",
"product": {
"name": "cockpit-pcp-298-150500.3.12.1.s390x",
"product_id": "cockpit-pcp-298-150500.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "cockpit-ws-298-150500.3.12.1.s390x",
"product": {
"name": "cockpit-ws-298-150500.3.12.1.s390x",
"product_id": "cockpit-ws-298-150500.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-298-150500.3.12.1.x86_64",
"product": {
"name": "cockpit-298-150500.3.12.1.x86_64",
"product_id": "cockpit-298-150500.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "cockpit-bridge-298-150500.3.12.1.x86_64",
"product": {
"name": "cockpit-bridge-298-150500.3.12.1.x86_64",
"product_id": "cockpit-bridge-298-150500.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "cockpit-devel-298-150500.3.12.1.x86_64",
"product": {
"name": "cockpit-devel-298-150500.3.12.1.x86_64",
"product_id": "cockpit-devel-298-150500.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "cockpit-pcp-298-150500.3.12.1.x86_64",
"product": {
"name": "cockpit-pcp-298-150500.3.12.1.x86_64",
"product_id": "cockpit-pcp-298-150500.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "cockpit-ws-298-150500.3.12.1.x86_64",
"product": {
"name": "cockpit-ws-298-150500.3.12.1.x86_64",
"product_id": "cockpit-ws-298-150500.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-298-150500.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64"
},
"product_reference": "cockpit-298-150500.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-298-150500.3.12.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le"
},
"product_reference": "cockpit-298-150500.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-298-150500.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x"
},
"product_reference": "cockpit-298-150500.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-298-150500.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64"
},
"product_reference": "cockpit-298-150500.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-bridge-298-150500.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64"
},
"product_reference": "cockpit-bridge-298-150500.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-bridge-298-150500.3.12.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le"
},
"product_reference": "cockpit-bridge-298-150500.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-bridge-298-150500.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x"
},
"product_reference": "cockpit-bridge-298-150500.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-bridge-298-150500.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64"
},
"product_reference": "cockpit-bridge-298-150500.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-networkmanager-298-150500.3.12.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch"
},
"product_reference": "cockpit-networkmanager-298-150500.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-selinux-298-150500.3.12.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch"
},
"product_reference": "cockpit-selinux-298-150500.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-storaged-298-150500.3.12.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch"
},
"product_reference": "cockpit-storaged-298-150500.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-system-298-150500.3.12.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch"
},
"product_reference": "cockpit-system-298-150500.3.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-ws-298-150500.3.12.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64"
},
"product_reference": "cockpit-ws-298-150500.3.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-ws-298-150500.3.12.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le"
},
"product_reference": "cockpit-ws-298-150500.3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-ws-298-150500.3.12.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x"
},
"product_reference": "cockpit-ws-298-150500.3.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-ws-298-150500.3.12.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
},
"product_reference": "cockpit-ws-298-150500.3.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-11T06:54:18Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-11T06:54:18Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
},
{
"cve": "CVE-2026-27904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27904"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27904",
"url": "https://www.suse.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "SUSE Bug 1258994 for CVE-2026-27904",
"url": "https://bugzilla.suse.com/1258994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-11T06:54:18Z",
"details": "important"
}
],
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-4802",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-4802"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-4802",
"url": "https://www.suse.com/security/cve/CVE-2026-4802"
},
{
"category": "external",
"summary": "SUSE Bug 1265040 for CVE-2026-4802",
"url": "https://bugzilla.suse.com/1265040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-bridge-298-150500.3.12.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:cockpit-networkmanager-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-selinux-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-storaged-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-system-298-150500.3.12.1.noarch",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.s390x",
"SUSE Linux Enterprise Micro 5.5:cockpit-ws-298-150500.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-11T06:54:18Z",
"details": "important"
}
],
"title": "CVE-2026-4802"
}
]
}
WID-SEC-W-2026-0526
Vulnerability from csaf_certbund - Published: 2026-02-25 23:00 - Updated: 2026-03-02 23:00
Summary
IBM App Connect Enterprise: Multiple vulnerabilities
Severity
High
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users, however, are responsible for carefully checking, case by case, the use and/or implementation of the information provided with that content.
Product description: IBM App Connect Enterprise combines the industry-proven technologies of IBM Integration Bus with cloud-native technologies.
Attack: An attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to manipulate data and to carry out a denial-of-service attack.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM App Connect Enterprise <12.0.12.23 (IBM / App Connect Enterprise) | | <12.0.12.23 | |
| IBM App Connect Enterprise (IBM / App Connect Enterprise) | cpe:/a:ibm:app_connect_enterprise:- | — | |
| IBM App Connect Enterprise <13.0.6.2 (IBM / App Connect Enterprise) | | <13.0.6.2 | |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Daten zu manipulieren, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0526 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0526.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0526 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0526"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261765 vom 2026-02-25",
"url": "https://www.ibm.com/support/pages/node/7261765"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262274 vom 2026-03-02",
"url": "https://www.ibm.com/support/pages/node/7262274"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-02T23:00:00.000+00:00",
"generator": {
"date": "2026-03-03T09:33:00.950+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0526",
"initial_release_date": "2026-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-02T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.6.2",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.6.2",
"product_id": "T051233"
}
},
{
"category": "product_version",
"name": "13.0.6.2",
"product": {
"name": "IBM App Connect Enterprise 13.0.6.2",
"product_id": "T051233-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.23",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.23",
"product_id": "T051234"
}
},
{
"category": "product_version",
"name": "12.0.12.23",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.23",
"product_id": "T051234-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.23"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2026-24001",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-24001"
},
{
"cve": "CVE-2026-25128",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-25128"
},
{
"cve": "CVE-2026-25547",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-25547"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.