Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from cleanstart
Published
2026-05-18 13:03
Modified
2026-05-15 07:31
Summary
Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, ghsa-4vq8-7jfc-9cvp, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 8.18.1-r0, 9.1.10-r0, 9.4.0-r1
Details
Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "elastic-beats"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.4.0-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the elastic-beats package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PM88731",
"modified": "2026-05-15T07:31:56Z",
"published": "2026-05-18T13:03:17.085841Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PM88731.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-54410"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40179"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42151"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42154"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4vq8-7jfc-9cvp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-8rm2-7qqf-34qm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fw8g-cg8f-9j28"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vffh-x6r8-xx99"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wg65-39gg-5wfj"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54410"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40179"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-54410, CVE-2026-32952, CVE-2026-33186, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, ghsa-4vq8-7jfc-9cvp, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 8.18.1-r0, 9.1.10-r0, 9.4.0-r1",
"upstream": [
"CVE-2025-54410",
"CVE-2026-32952",
"CVE-2026-33186",
"CVE-2026-40179",
"CVE-2026-42151",
"CVE-2026-42154",
"ghsa-4vq8-7jfc-9cvp",
"ghsa-8rm2-7qqf-34qm",
"ghsa-fw8g-cg8f-9j28",
"ghsa-p77j-4mvh-x3m3",
"ghsa-pjcq-xvwq-hhpj",
"ghsa-vffh-x6r8-xx99",
"ghsa-wg65-39gg-5wfj"
]
}
CVE-2025-54410 (GCVE-0-2025-54410)
Vulnerability from cvelistv5 – Published: 2025-07-30 13:24 – Updated: 2025-07-30 13:38
VLAI?
EPSS
Title
Moby's Firewalld reload removes bridge network isolation
Summary
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.
Workarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.
Severity ?
CWE
- CWE-909 - Missing Initialization of Resource
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/moby/moby/security/advisories/… | x_refsource_CONFIRM |
| https://firewalld.org/documentation/howto/reload-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-30T13:37:49.901547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T13:38:40.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "moby",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003c= 25.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.\nWorkarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-909",
"description": "CWE-909: Missing Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T13:24:50.818Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp"
},
{
"name": "https://firewalld.org/documentation/howto/reload-firewalld.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://firewalld.org/documentation/howto/reload-firewalld.html"
}
],
"source": {
"advisory": "GHSA-4vq8-7jfc-9cvp",
"discovery": "UNKNOWN"
},
"title": "Moby\u0027s Firewalld reload removes bridge network isolation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54410",
"datePublished": "2025-07-30T13:24:50.818Z",
"dateReserved": "2025-07-21T23:18:10.280Z",
"dateUpdated": "2025-07-30T13:38:40.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-32952 (GCVE-0-2026-32952)
Vulnerability from cvelistv5 – Published: 2026-04-24 01:46 – Updated: 2026-04-24 16:29
VLAI?
EPSS
Title
go-ntlmssp NTLM challenges can panic on malformed payloads
Summary
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.
Severity ?
5.3 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Azure/go-ntlmssp/security/advi… | x_refsource_CONFIRM |
| https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | go-ntlmssp |
Affected:
< 0.1.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T16:29:17.449582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:29:28.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-ntlmssp",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T01:46:31.573Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj"
},
{
"name": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1"
}
],
"source": {
"advisory": "GHSA-pjcq-xvwq-hhpj",
"discovery": "UNKNOWN"
},
"title": "go-ntlmssp NTLM challenges can panic on malformed payloads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32952",
"datePublished": "2026-04-24T01:46:31.573Z",
"dateReserved": "2026-03-17T00:05:53.285Z",
"dateUpdated": "2026-04-24T16:29:28.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33186 (GCVE-0-2026-33186)
Vulnerability from cvelistv5 – Published: 2026-03-20 22:23 – Updated: 2026-03-24 18:09
VLAI?
EPSS
Title
gRPC-Go has an authorization bypass via missing leading slash in :path
Summary
gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.
Severity ?
9.1 (Critical)
CWE
- CWE-285 - Improper Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/grpc/grpc-go/security/advisori… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T18:08:38.989284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:09:13.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grpc-go",
"vendor": "grpc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.79.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T22:23:32.147Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"source": {
"advisory": "GHSA-p77j-4mvh-x3m3",
"discovery": "UNKNOWN"
},
"title": "gRPC-Go has an authorization bypass via missing leading slash in :path"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33186",
"datePublished": "2026-03-20T22:23:32.147Z",
"dateReserved": "2026-03-17T22:16:36.720Z",
"dateUpdated": "2026-03-24T18:09:13.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40179 (GCVE-0-2026-40179)
Vulnerability from cvelistv5 – Published: 2026-04-15 22:26 – Updated: 2026-04-16 14:21
VLAI?
EPSS
Title
Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Summary
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without escaping. In both the Mantine UI and old React UI, chart tooltips on the Graph page render metric names containing HTML/JavaScript without sanitization. In the old React UI, the Metric Explorer fuzzy search results use dangerouslySetInnerHTML without escaping, and heatmap cell tooltips interpolate le label values without sanitization. With Prometheus v3.x defaulting to UTF-8 metric and label name validation, characters like <, >, and " are now valid in metric names and labels. An attacker who can inject metrics via a compromised scrape target, remote write, or OTLP receiver endpoint can execute arbitrary JavaScript in the browser of any Prometheus user who views the metric in the Graph UI, potentially enabling configuration exfiltration, data deletion, or Prometheus shutdown depending on enabled flags. This issue has been fixed in versions 3.5.2 and 3.11.2. If developers are unable to immediately update, the following workarounds are recommended: ensure that the remote write receiver (--web.enable-remote-write-receiver) and the OTLP receiver (--web.enable-otlp-receiver) are not exposed to untrusted sources; verify that all scrape targets are trusted and not under attacker control; avoid enabling admin or mutating API endpoints (e.g., --web.enable-admin-api or --web.enable-lifecycle) in environments where untrusted data may be ingested; and refrain from clicking untrusted links, particularly those containing functions such as label_replace, as they may generate poisoned label names and values.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/prometheus/prometheus/security… | x_refsource_CONFIRM |
| https://github.com/prometheus/prometheus/pull/18506 | x_refsource_MISC |
| https://github.com/prometheus/prometheus/commit/0… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| prometheus | prometheus |
Affected:
>= 3.0.0, < 3.5.2
Affected: >= 3.6.0, < 3.11.2 Affected: < 0.311.2-0.20260410083055-07c6232d159b |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T14:21:31.807163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:21:42.130Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "prometheus",
"vendor": "prometheus",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.5.2"
},
{
"status": "affected",
"version": "\u003e= 3.6.0, \u003c 3.11.2"
},
{
"status": "affected",
"version": "\u003c 0.311.2-0.20260410083055-07c6232d159b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without escaping. In both the Mantine UI and old React UI, chart tooltips on the Graph page render metric names containing HTML/JavaScript without sanitization. In the old React UI, the Metric Explorer fuzzy search results use dangerouslySetInnerHTML without escaping, and heatmap cell tooltips interpolate le label values without sanitization. With Prometheus v3.x defaulting to UTF-8 metric and label name validation, characters like \u003c, \u003e, and \" are now valid in metric names and labels. An attacker who can inject metrics via a compromised scrape target, remote write, or OTLP receiver endpoint can execute arbitrary JavaScript in the browser of any Prometheus user who views the metric in the Graph UI, potentially enabling configuration exfiltration, data deletion, or Prometheus shutdown depending on enabled flags. This issue has been fixed in versions 3.5.2 and 3.11.2. If developers are unable to immediately update, the following workarounds are recommended: ensure that the remote write receiver (--web.enable-remote-write-receiver) and the OTLP receiver (--web.enable-otlp-receiver) are not exposed to untrusted sources; verify that all scrape targets are trusted and not under attacker control; avoid enabling admin or mutating API endpoints (e.g., --web.enable-admin-api or --web.enable-lifecycle) in environments where untrusted data may be ingested; and refrain from clicking untrusted links, particularly those containing functions such as label_replace, as they may generate poisoned label names and values."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T22:26:46.909Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/prometheus/prometheus/security/advisories/GHSA-vffh-x6r8-xx99",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-vffh-x6r8-xx99"
},
{
"name": "https://github.com/prometheus/prometheus/pull/18506",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/pull/18506"
},
{
"name": "https://github.com/prometheus/prometheus/commit/07c6232d159bfb474a077788be184d87adcfac3c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/commit/07c6232d159bfb474a077788be184d87adcfac3c"
}
],
"source": {
"advisory": "GHSA-vffh-x6r8-xx99",
"discovery": "UNKNOWN"
},
"title": "Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40179",
"datePublished": "2026-04-15T22:26:46.909Z",
"dateReserved": "2026-04-09T20:59:17.619Z",
"dateUpdated": "2026-04-16T14:21:42.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42151 (GCVE-0-2026-42151)
Vulnerability from cvelistv5 – Published: 2026-05-04 18:12 – Updated: 2026-05-04 19:55
VLAI?
EPSS
Title
Prometheus Azure AD remote write OAuth client secret exposed via config API
Summary
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the /-/config HTTP API endpoint. Because the field was a plain string, the Azure OAuth client secret was exposed in plaintext to any user or process with access to that endpoint. This issue has been patched in versions 3.5.3 and 3.11.3.
Severity ?
7.5 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/prometheus/prometheus/security… | x_refsource_CONFIRM |
| https://github.com/prometheus/prometheus/pull/18587 | x_refsource_MISC |
| https://github.com/prometheus/prometheus/pull/18590 | x_refsource_MISC |
| https://github.com/prometheus/prometheus/releases… | x_refsource_MISC |
| https://github.com/prometheus/prometheus/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| prometheus | prometheus |
Affected:
< 3.5.3
Affected: >= 3.6.0, < 3.11.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42151",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T19:54:39.314002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T19:55:09.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "prometheus",
"vendor": "prometheus",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.3"
},
{
"status": "affected",
"version": "\u003e= 3.6.0, \u003c 3.11.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the /-/config HTTP API endpoint. Because the field was a plain string, the Azure OAuth client secret was exposed in plaintext to any user or process with access to that endpoint. This issue has been patched in versions 3.5.3 and 3.11.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T18:12:16.917Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj"
},
{
"name": "https://github.com/prometheus/prometheus/pull/18587",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/pull/18587"
},
{
"name": "https://github.com/prometheus/prometheus/pull/18590",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/pull/18590"
},
{
"name": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"name": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
}
],
"source": {
"advisory": "GHSA-wg65-39gg-5wfj",
"discovery": "UNKNOWN"
},
"title": "Prometheus Azure AD remote write OAuth client secret exposed via config API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42151",
"datePublished": "2026-05-04T18:12:16.917Z",
"dateReserved": "2026-04-24T17:15:21.835Z",
"dateUpdated": "2026-05-04T19:55:09.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-42154 (GCVE-0-2026-42154)
Vulnerability from cvelistv5 – Published: 2026-05-04 18:13 – Updated: 2026-05-04 20:19
VLAI?
EPSS
Title
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
Summary
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process. This issue has been patched in versions 3.5.3 and 3.11.3.
Severity ?
7.5 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/prometheus/prometheus/security… | x_refsource_CONFIRM |
| https://github.com/prometheus/prometheus/pull/18584 | x_refsource_MISC |
| https://github.com/prometheus/prometheus/pull/18585 | x_refsource_MISC |
| https://github.com/prometheus/prometheus/releases… | x_refsource_MISC |
| https://github.com/prometheus/prometheus/releases… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| prometheus | prometheus |
Affected:
< 3.5.3
Affected: >= 3.6.0, < 3.11.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42154",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T20:18:48.754025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T20:19:13.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "prometheus",
"vendor": "prometheus",
"versions": [
{
"status": "affected",
"version": "\u003c 3.5.3"
},
{
"status": "affected",
"version": "\u003e= 3.6.0, \u003c 3.11.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process. This issue has been patched in versions 3.5.3 and 3.11.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T18:13:12.340Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm"
},
{
"name": "https://github.com/prometheus/prometheus/pull/18584",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/pull/18584"
},
{
"name": "https://github.com/prometheus/prometheus/pull/18585",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/pull/18585"
},
{
"name": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"name": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
}
],
"source": {
"advisory": "GHSA-8rm2-7qqf-34qm",
"discovery": "UNKNOWN"
},
"title": "Prometheus: remote read endpoint allows denial of service via crafted snappy payload"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42154",
"datePublished": "2026-05-04T18:13:12.340Z",
"dateReserved": "2026-04-24T17:15:21.835Z",
"dateUpdated": "2026-05-04T20:19:13.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
GHSA-4VQ8-7JFC-9CVP
Vulnerability from github – Published: 2025-07-29 19:56 – Updated: 2026-03-27 17:37
VLAI?
Summary
Moby firewalld reload removes bridge network isolation
Details
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker, or Docker Engine.
Firewalld is a daemon used by some Linux distributions to provide a dynamically managed firewall. When Firewalld is running, Docker uses its iptables backend to create rules, including rules to isolate containers in one bridge network from containers in other bridge networks.
Impact
The iptables rules created by Docker are removed when firewalld is reloaded using, for example "firewall-cmd --reload", "killall -HUP firewalld", or "systemctl reload firewalld".
When that happens, Docker must re-create the rules. However, in affected versions of Docker, the iptables rules that isolate containers in different bridge networks from each other are not re-created.
Once these rules have been removed, containers have access to any port, on any container, in any non-internal bridge network, running on the Docker host.
Containers running in networks created with --internal or equivalent have no access to other networks. Containers that are only connected to these networks remain isolated after a firewalld reload.
Where Docker Engine is not running in the host's network namespace, it is unaffected. Including, for example, Rootless Mode, and Docker Desktop.
Patches
Moby releases 28.0.0 and newer are not affected. A fix is available in moby release 25.0.13.
Workarounds
After reloading firewalld, either: - Restart the docker daemon, - Re-create bridge networks, or - Use rootless mode.
References
https://firewalld.org/ https://firewalld.org/documentation/howto/reload-firewalld.html
Severity ?
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 25.0.12"
},
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25.0.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/docker/docker"
},
"ranges": [
{
"events": [
{
"introduced": "26.0.0-rc1"
},
{
"fixed": "28.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-54410"
],
"database_specific": {
"cwe_ids": [
"CWE-909"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-29T19:56:25Z",
"nvd_published_at": "2025-07-30T14:15:28Z",
"severity": "LOW"
},
"details": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as Docker, or Docker Engine.\n\nFirewalld is a daemon used by some Linux distributions to provide a dynamically managed firewall. When Firewalld is running, Docker uses its iptables backend to create rules, including rules to isolate containers in one bridge network from containers in other bridge networks.\n\n### Impact\n\nThe iptables rules created by Docker are removed when firewalld is reloaded using, for example \"firewall-cmd --reload\", \"killall -HUP firewalld\", or \"systemctl reload firewalld\".\n\nWhen that happens, Docker must re-create the rules. However, in affected versions of Docker, the iptables rules that isolate containers in different bridge networks from each other are not re-created.\n\nOnce these rules have been removed, containers have access to any port, on any container, in any non-internal bridge network, running on the Docker host.\n\nContainers running in networks created with `--internal` or equivalent have no access to other networks. Containers that are only connected to these networks remain isolated after a firewalld reload.\n\nWhere Docker Engine is not running in the host\u0027s network namespace, it is unaffected. Including, for example, Rootless Mode, and Docker Desktop.\n\n### Patches\n\nMoby releases 28.0.0 and newer are not affected. A fix is available in moby release 25.0.13.\n\n### Workarounds\nAfter reloading firewalld, either:\n- Restart the docker daemon,\n- Re-create bridge networks, or\n- Use rootless mode.\n\n### References\nhttps://firewalld.org/\nhttps://firewalld.org/documentation/howto/reload-firewalld.html",
"id": "GHSA-4vq8-7jfc-9cvp",
"modified": "2026-03-27T17:37:52Z",
"published": "2025-07-29T19:56:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54410"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/pull/49443"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/pull/49728"
},
{
"type": "WEB",
"url": "https://firewalld.org/documentation/howto/reload-firewalld.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/moby/moby"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moby firewalld reload removes bridge network isolation"
}
GHSA-8RM2-7QQF-34QM
Vulnerability from github – Published: 2026-05-05 19:34 – Updated: 2026-05-05 19:34
VLAI?
Summary
Prometheus: Remote read endpoint allows denial of service via crafted snappy payload
Details
Impact
The remote read endpoint (/api/v1/read) does not validate the declared decoded length in a snappy-compressed request body before allocating memory.
An unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process.
Patches
Has the problem been patched? What versions should users upgrade to?
Fixed in 3.11.3 and 3.5.3 LTS. Users should upgrade to these versions or later.
Workarounds
User who can not upgrade can place Prometheus behind a reverse proxy or firewall that requires authentication before requests reach /api/v1/read.
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/prometheus/prometheus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.311.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42154"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-789"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T19:34:05Z",
"nvd_published_at": "2026-05-04T19:16:04Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe remote read endpoint (`/api/v1/read`) does not validate the declared decoded length in a snappy-compressed request body before allocating memory.\nAn unauthenticated attacker can send a small payload that causes a huge heap allocation per request. Under concurrent load this can exhaust available memory and crash the Prometheus process.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nFixed in 3.11.3 and 3.5.3 LTS. Users should upgrade to these versions or later.\n\n### Workarounds\nUser who can not upgrade can place Prometheus behind a reverse proxy or firewall that requires authentication before requests reach /api/v1/read.",
"id": "GHSA-8rm2-7qqf-34qm",
"modified": "2026-05-05T19:34:05Z",
"published": "2026-05-05T19:34:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154"
},
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/pull/18584"
},
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/pull/18585"
},
{
"type": "PACKAGE",
"url": "https://github.com/prometheus/prometheus"
},
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Prometheus: Remote read endpoint allows denial of service via crafted snappy payload"
}
GHSA-FW8G-CG8F-9J28
Vulnerability from github – Published: 2026-05-05 21:53 – Updated: 2026-05-13 13:29
VLAI?
Summary
Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display
Details
Impact
In the Prometheus server's legacy web UI (enabled via the command-line flag --enable-feature=old-ui), the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels.
An attacker who can inject crafted metrics (e.g. via a compromised scrape target, remote write, or OTLP receiver endpoint) can execute JavaScript in the browser of any Prometheus user who views the metric in the heatmap chart UI. From the XSS context, an attacker could for example:
- Read
/api/v1/status/configto extract sensitive configuration (although credentials / secrets are redacted by the server) - Call
/-/quitto shut down Prometheus (only if--web.enable-lifecycleis set) - Call
/api/v1/admin/tsdb/delete_seriesto delete data (only if--web.enable-admin-apiis set) - Exfiltrate metric data to an external server
Note that this only affects users who have explicitly enabled the legacy Prometheus web UI using the --enable-feature=old-ui command-line flag.
Patches
https://github.com/prometheus/prometheus/commit/38f23b9075ced1de2b82d2dad8b2bebb1ecd5b7d
Workarounds
If at all possible, disable the legacy web UI by removing the --enable-feature=old-ui command-line flag).
If this is not an option, take the following precautions:
- If using the remote write receiver (
--web.enable-remote-write-receiver), ensure it is not exposed to untrusted sources. - If using the OTLP receiver (
--web.enable-otlp-receiver), ensure it is not exposed to untrusted sources. - Ensure scrape targets are trusted and not under attacker control.
- Do not enable admin / mutating API endpoints (e.g.
--web.enable-admin-apiorweb.enable-lifecycle) in cases where you cannot prevent untrusted data from being ingested. - Users should avoid clicking untrusted links, especially those containing functions such as
label_replace, as they may generate poisoned label names and values.
References
- CVE-2019-10215 — prior stored DOM XSS vulnerability in Prometheus query history, fixed in v2.7.2
- CVE-2026-40179 — prior stored DOM XSS vulnerability in Prometheus web UI (hover tooltips and metrics explorer), fixed in v3.11.2
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/prometheus/prometheus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.311.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44903"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T21:53:18Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nIn the Prometheus server\u0027s legacy web UI (enabled via the command-line flag `--enable-feature=old-ui`), the histogram heatmap chart view does not escape `le` label values when inserting them into the HTML for use as axis tick mark labels.\n\nAn attacker who can inject crafted metrics (e.g. via a compromised scrape target, remote write, or OTLP receiver endpoint) can execute JavaScript in the browser of any Prometheus user who views the metric in the heatmap chart UI. From the XSS context, an attacker could for example:\n\n- Read `/api/v1/status/config` to extract sensitive configuration (although credentials / secrets are redacted by the server)\n- Call `/-/quit` to shut down Prometheus (only if `--web.enable-lifecycle` is set)\n- Call `/api/v1/admin/tsdb/delete_series` to delete data (only if `--web.enable-admin-api` is set)\n- Exfiltrate metric data to an external server\n\nNote that this only affects users who have explicitly enabled the legacy Prometheus web UI using the `--enable-feature=old-ui` command-line flag.\n\n### Patches\n\nhttps://github.com/prometheus/prometheus/commit/38f23b9075ced1de2b82d2dad8b2bebb1ecd5b7d\n\n### Workarounds\n\nIf at all possible, disable the legacy web UI by removing the `--enable-feature=old-ui` command-line flag).\n\nIf this is not an option, take the following precautions:\n\n- If using the remote write receiver (`--web.enable-remote-write-receiver`), ensure it is not exposed to untrusted sources.\n- If using the OTLP receiver (`--web.enable-otlp-receiver`), ensure it is not exposed to untrusted sources.\n- Ensure scrape targets are trusted and not under attacker control.\n- Do not enable admin / mutating API endpoints (e.g. `--web.enable-admin-api` or `web.enable-lifecycle`) in cases where you cannot prevent untrusted data from being ingested.\n- Users should avoid clicking untrusted links, especially those containing functions such as `label_replace`, as they may generate poisoned label names and values.\n\n### References\n\n- CVE-2019-10215 \u2014 prior stored DOM XSS vulnerability in Prometheus query history, fixed in v2.7.2\n- CVE-2026-40179 \u2014 prior stored DOM XSS vulnerability in Prometheus web UI (hover tooltips and metrics explorer), fixed in v3.11.2",
"id": "GHSA-fw8g-cg8f-9j28",
"modified": "2026-05-13T13:29:02Z",
"published": "2026-05-05T21:53:18Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-fw8g-cg8f-9j28"
},
{
"type": "WEB",
"url": "https://github.com/prometheus/prometheus/commit/38f23b9075ced1de2b82d2dad8b2bebb1ecd5b7d"
},
{
"type": "PACKAGE",
"url": "https://github.com/prometheus/prometheus"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display"
}
GHSA-P77J-4MVH-X3M3
Vulnerability from github – Published: 2026-03-18 20:10 – Updated: 2026-03-25 18:12
VLAI?
Summary
gRPC-Go has an authorization bypass via missing leading slash in :path
Details
Impact
What kind of vulnerability is it? Who is impacted?
It is an Authorization Bypass resulting from Improper Input Validation of the HTTP/2 :path pseudo-header.
The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory leading slash (e.g., Service/Method instead of /Service/Method). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official grpc/authz package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with /) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present.
Who is impacted?
This affects gRPC-Go servers that meet both of the following criteria:
1. They use path-based authorization interceptors, such as the official RBAC implementation in google.golang.org/grpc/authz or custom interceptors relying on info.FullMethod or grpc.Method(ctx).
2. Their security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule).
The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed :path headers directly to the gRPC server.
Patches
Has the problem been patched? What versions should users upgrade to?
Yes, the issue has been patched. The fix ensures that any request with a :path that does not start with a leading slash is immediately rejected with a codes.Unimplemented error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string.
Users should upgrade to the following versions (or newer): * v1.79.3 * The latest master branch.
It is recommended that all users employing path-based authorization (especially grpc/authz) upgrade as soon as the patch is available in a tagged release.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods:
1. Use a Validating Interceptor (Recommended Mitigation)
Add an "outermost" interceptor to your server that validates the path before any other authorization logic runs:
func pathValidationInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {
if info.FullMethod == "" || info.FullMethod[0] != '/' {
return nil, status.Errorf(codes.Unimplemented, "malformed method name")
}
return handler(ctx, req)
}
// Ensure this is the FIRST interceptor in your chain
s := grpc.NewServer(
grpc.ChainUnaryInterceptor(pathValidationInterceptor, authzInterceptor),
)
2. Infrastructure-Level Normalization
If your gRPC server is behind a reverse proxy or load balancer (such as Envoy, NGINX, or an L7 Cloud Load Balancer), ensure it is configured to enforce strict HTTP/2 compliance for pseudo-headers and reject or normalize requests where the :path header does not start with a leading slash.
3. Policy Hardening
Switch to a "default deny" posture in your authorization policies (explicitly listing all allowed paths and denying everything else) to reduce the risk of bypasses via malformed inputs.
Severity ?
9.1 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "google.golang.org/grpc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.79.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33186"
],
"database_specific": {
"cwe_ids": [
"CWE-285"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-18T20:10:29Z",
"nvd_published_at": "2026-03-20T23:16:45Z",
"severity": "CRITICAL"
},
"details": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nIt is an **Authorization Bypass** resulting from **Improper Input Validation** of the HTTP/2 `:path` pseudo-header.\n\nThe gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present.\n\n**Who is impacted?**\nThis affects gRPC-Go servers that meet both of the following criteria:\n1. They use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`.\n2. Their security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule).\n\nThe vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nYes, the issue has been patched. The fix ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string.\n\nUsers should upgrade to the following versions (or newer):\n* **v1.79.3**\n* The latest **master** branch.\n\nIt is recommended that all users employing path-based authorization (especially `grpc/authz`) upgrade as soon as the patch is available in a tagged release.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nWhile upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods:\n\n#### 1. Use a Validating Interceptor (Recommended Mitigation)\nAdd an \"outermost\" interceptor to your server that validates the path before any other authorization logic runs:\n\n```go\nfunc pathValidationInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {\n if info.FullMethod == \"\" || info.FullMethod[0] != \u0027/\u0027 {\n return nil, status.Errorf(codes.Unimplemented, \"malformed method name\")\n } \n return handler(ctx, req)\n}\n\n// Ensure this is the FIRST interceptor in your chain\ns := grpc.NewServer(\n grpc.ChainUnaryInterceptor(pathValidationInterceptor, authzInterceptor),\n)\n```\n\n#### 2. Infrastructure-Level Normalization\nIf your gRPC server is behind a reverse proxy or load balancer (such as Envoy, NGINX, or an L7 Cloud Load Balancer), ensure it is configured to enforce strict HTTP/2 compliance for pseudo-headers and reject or normalize requests where the `:path` header does not start with a leading slash.\n\n#### 3. Policy Hardening\nSwitch to a \"default deny\" posture in your authorization policies (explicitly listing all allowed paths and denying everything else) to reduce the risk of bypasses via malformed inputs.",
"id": "GHSA-p77j-4mvh-x3m3",
"modified": "2026-03-25T18:12:09Z",
"published": "2026-03-18T20:10:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "PACKAGE",
"url": "https://github.com/grpc/grpc-go"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "gRPC-Go has an authorization bypass via missing leading slash in :path"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…