Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-G794-3FMP-753H
Vulnerability from github – Published: 2026-05-27 21:35 – Updated: 2026-05-27 21:35Summary
AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorized_keys/%u can be made to read an authorized-keys file outside the intended directory when the SSH username contains path traversal segments. If the attacker can place or reference a readable authorized-keys-format file containing their public key, the attacker can authenticate over SSH as the traversal username.
Affected Product
- Package: asyncssh
- Ecosystem: pip
- Affected versions: confirmed on 2.22.0; exact lower bound not finalized
- Tested version: 2.22.0
- Audit commit/tag: tag
v2.22.0, commitaf5a81e669633d83d535163f93b6bf3f957c9238 - PyPI sdist SHA256:
c3ce72b01be4f97b40e62844dd384227e5ff5a401a3793007c42f86a5c8eb537
Vulnerability Details
- CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory
- Component: AsyncSSH server config reload and public-key authentication (
asyncssh/config.py,asyncssh/connection.py,asyncssh/auth_keys.py,asyncssh/misc.py) - Root cause:
%uinAuthorizedKeysFileis expanded from the remote username without rejecting path separators or..segments, and the resulting path is opened without constraining it to the intended authorized-keys directory. - Security boundary violated: the configured authorized-keys directory and public-key authentication trust boundary.
- Direct impact: public-key authentication succeeds using an attacker-selected authorized-keys file outside the intended directory.
- Chain impact, if any: none claimed; direct authentication impact is primary.
Attack Preconditions
- The AsyncSSH server uses a config or equivalent pattern where
AuthorizedKeysFilecontains%u, for exampleAuthorizedKeysFile authorized_keys/%u. - Public-key authentication is enabled.
- The attacker can place or reference a readable authorized-keys-format file outside the intended directory, such as a file in a world-writable or application-writable location.
- The application does not separately reject usernames containing
/,\, or..before AsyncSSH uses the username for key-file selection.
Reproduction
The run-scoped evidence contains a safe localhost proof:
-
Start the proof harness saved at harness_app.py
-
Run exploit_proof.py through run_proof.sh
-
The harness creates
sshd_configwithAuthorizedKeysFile authorized_keys/%u, writes the attacker's public key to a file outsideauthorized_keys/, starts a real AsyncSSH server, and attempts two SSH logins. - Expected result: the normal username
victimfails, while the traversal username authenticates with the same attacker key.
Observed proof output:
[CONTROL] username=victim success=False
[ATTACK] username=../../../asyncssh-proof-exploit-proof-8b2bd23daeeb.pub success=True
[ATTACK] output=AUTH_BYPASS_SUCCESS username=../../../asyncssh-proof-exploit-proof-8b2bd23daeeb.pub
PASS: traversal username authenticated with attacker-controlled authorized_keys file
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "asyncssh"
},
"ranges": [
{
"events": [
{
"introduced": "2.22.0"
},
{
"fixed": "2.23.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.22.0"
]
}
],
"aliases": [
"CVE-2026-45309"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-27T21:35:06Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\nAsyncSSH 2.22.0 expands the OpenSSH-compatible `AuthorizedKeysFile` `%u` token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as `AuthorizedKeysFile authorized_keys/%u` can be made to read an authorized-keys file outside the intended directory when the SSH username contains path traversal segments. If the attacker can place or reference a readable authorized-keys-format file containing their public key, the attacker can authenticate over SSH as the traversal username.\n\n## Affected Product\n- Package: asyncssh\n- Ecosystem: pip\n- Affected versions: confirmed on 2.22.0; exact lower bound not finalized\n- Tested version: 2.22.0\n- Audit commit/tag: tag `v2.22.0`, commit `af5a81e669633d83d535163f93b6bf3f957c9238`\n- PyPI sdist SHA256: `c3ce72b01be4f97b40e62844dd384227e5ff5a401a3793007c42f86a5c8eb537`\n\n## Vulnerability Details\n- CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory\n- Component: AsyncSSH server config reload and public-key authentication (`asyncssh/config.py`, `asyncssh/connection.py`, `asyncssh/auth_keys.py`, `asyncssh/misc.py`)\n- Root cause: `%u` in `AuthorizedKeysFile` is expanded from the remote username without rejecting path separators or `..` segments, and the resulting path is opened without constraining it to the intended authorized-keys directory.\n- Security boundary violated: the configured authorized-keys directory and public-key authentication trust boundary.\n- Direct impact: public-key authentication succeeds using an attacker-selected authorized-keys file outside the intended directory.\n- Chain impact, if any: none claimed; direct authentication impact is primary.\n\n## Attack Preconditions\n- The AsyncSSH server uses a config or equivalent pattern where `AuthorizedKeysFile` contains `%u`, for example `AuthorizedKeysFile authorized_keys/%u`.\n- Public-key authentication is enabled.\n- The attacker can place or reference a readable authorized-keys-format file outside the intended directory, such as a file in a world-writable or application-writable location.\n- The application does not separately reject usernames containing `/`, `\\`, or `..` before AsyncSSH uses the username for key-file selection.\n\n## Reproduction\nThe run-scoped evidence contains a safe localhost proof:\n\n1. Start the proof harness saved at \n[harness_app.py](https://github.com/user-attachments/files/27232526/harness_app.py)\n\n2. Run \n[exploit_proof.py](https://github.com/user-attachments/files/27232538/exploit_proof.py)\nthrough \n[run_proof.sh](https://github.com/user-attachments/files/27232545/run_proof.sh)\n\n3. The harness creates `sshd_config` with `AuthorizedKeysFile authorized_keys/%u`, writes the attacker\u0027s public key to a file outside `authorized_keys/`, starts a real AsyncSSH server, and attempts two SSH logins.\n4. Expected result: the normal username `victim` fails, while the traversal username authenticates with the same attacker key.\n\nObserved proof output:\n\n```text\n[CONTROL] username=victim success=False\n[ATTACK] username=../../../asyncssh-proof-exploit-proof-8b2bd23daeeb.pub success=True\n[ATTACK] output=AUTH_BYPASS_SUCCESS username=../../../asyncssh-proof-exploit-proof-8b2bd23daeeb.pub\nPASS: traversal username authenticated with attacker-controlled authorized_keys file\n```",
"id": "GHSA-g794-3fmp-753h",
"modified": "2026-05-27T21:35:06Z",
"published": "2026-05-27T21:35:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ronf/asyncssh/security/advisories/GHSA-g794-3fmp-753h"
},
{
"type": "PACKAGE",
"url": "https://github.com/ronf/asyncssh"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username"
}
cleanstart-2026-mr94452
Vulnerability from cleanstart
Multiple security vulnerabilities affect the airflow-3 package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "airflow-3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.8-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the airflow-3 package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-MR94452",
"modified": "2026-06-07T16:45:27Z",
"published": "2026-06-08T12:29:26.603264Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MR94452.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46136"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12797"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-34069"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-49766"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-49767"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-66221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-0994"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-21860"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25645"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26007"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27199"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27448"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-30922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-31958"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32597"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34073"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34519"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34520"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40217"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40347"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41066"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44307"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-45309"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48522"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48523"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48524"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-8838"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-29h4-r29x-hchv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-29vq-49wr-vm6x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2g68-c3qc-8985"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2h4p-vjrc-8xpq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vrm-gr82-f7m5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wq7-rqq7-wx6j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5239-wwwm-4pmq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-53mr-6c8q-9789"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63hf-3vf5-4wqf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-68rp-wp8r-4726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-752w-5fwx-jx9f"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-78cv-mqj4-43f7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-79v4-65xg-pq4g"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7f5h-v6xp-fcq8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7gcm-g887-7qv7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-87hc-h4r5-73f7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-966j-vmvw-g2g9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c427-h43c-vf67"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f9vj-2wh5-fj8j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fqwm-6jpj-5wxc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g794-3fmp-753h"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h4gh-qq45-vh27"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hcc4-c3v8-rx92"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hgf8-39gv-g3f2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hrfv-mqp8-q5rw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jj8c-mmj3-mmgv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jjhc-v7c2-5hh6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jr27-m4p2-rc6r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m5qp-6w8w-w647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m959-cc7f-wv43"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj87-hwqh-73pj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mwh4-6h8g-pg8w"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p998-jp59-783m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q34m-jh98-gwm2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qjxf-f2mg-c6mc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6ph-v2qm-q3c2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r95x-qfjj-fjj2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v92g-xgxw-vvmm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vfmq-68hx-4jfw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w2fm-2cpv-w7v5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wxxx-gvqv-xp7p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xqmj-j6mv-4862"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49766"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49767"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21860"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27199"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27448"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31958"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34073"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34519"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34520"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34525"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40217"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40347"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41066"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44307"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45309"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48522"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48524"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8838"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2023-46136, CVE-2024-12797, CVE-2024-34069, CVE-2024-49766, CVE-2024-49767, CVE-2025-62727, CVE-2025-66221, CVE-2026-0994, CVE-2026-21860, CVE-2026-22815, CVE-2026-25645, CVE-2026-26007, CVE-2026-27199, CVE-2026-27205, CVE-2026-27448, CVE-2026-27459, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-35536, CVE-2026-40217, CVE-2026-40347, CVE-2026-41066, CVE-2026-44307, CVE-2026-44431, CVE-2026-44432, CVE-2026-44681, CVE-2026-45309, CVE-2026-4539, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, CVE-2026-48710, CVE-2026-8838, ghsa-29h4-r29x-hchv, ghsa-29vq-49wr-vm6x, ghsa-2g68-c3qc-8985, ghsa-2h4p-vjrc-8xpq, ghsa-2vrm-gr82-f7m5, ghsa-3wq7-rqq7-wx6j, ghsa-5239-wwwm-4pmq, ghsa-53mr-6c8q-9789, ghsa-63hf-3vf5-4wqf, ghsa-68rp-wp8r-4726, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-79v4-65xg-pq4g, ghsa-7f5h-v6xp-fcq8, ghsa-7gcm-g887-7qv7, ghsa-87hc-h4r5-73f7, ghsa-966j-vmvw-g2g9, ghsa-c427-h43c-vf67, ghsa-f9vj-2wh5-fj8j, ghsa-fqwm-6jpj-5wxc, ghsa-g794-3fmp-753h, ghsa-gc5v-m9x4-r6x2, ghsa-h4gh-qq45-vh27, ghsa-hcc4-c3v8-rx92, ghsa-hgf8-39gv-g3f2, ghsa-hrfv-mqp8-q5rw, ghsa-jj8c-mmj3-mmgv, ghsa-jjhc-v7c2-5hh6, ghsa-jr27-m4p2-rc6r, ghsa-m5qp-6w8w-w647, ghsa-m959-cc7f-wv43, ghsa-mf9v-mfxr-j63j, ghsa-mj87-hwqh-73pj, ghsa-mwh4-6h8g-pg8w, ghsa-p998-jp59-783m, ghsa-q34m-jh98-gwm2, ghsa-qccp-gfcp-xxvc, ghsa-qjxf-f2mg-c6mc, ghsa-r6ph-v2qm-q3c2, ghsa-r95x-qfjj-fjj2, ghsa-v92g-xgxw-vvmm, ghsa-vfmq-68hx-4jfw, ghsa-w2fm-2cpv-w7v5, ghsa-wxxx-gvqv-xp7p, ghsa-xqmj-j6mv-4862 applied in versions: 3.1.8-r0, 3.1.8-r1, 3.1.8-r2, 3.1.8-r3",
"upstream": [
"CVE-2023-46136",
"CVE-2024-12797",
"CVE-2024-34069",
"CVE-2024-49766",
"CVE-2024-49767",
"CVE-2025-62727",
"CVE-2025-66221",
"CVE-2026-0994",
"CVE-2026-21860",
"CVE-2026-22815",
"CVE-2026-25645",
"CVE-2026-26007",
"CVE-2026-27199",
"CVE-2026-27205",
"CVE-2026-27448",
"CVE-2026-27459",
"CVE-2026-30922",
"CVE-2026-31958",
"CVE-2026-32597",
"CVE-2026-34073",
"CVE-2026-34513",
"CVE-2026-34514",
"CVE-2026-34515",
"CVE-2026-34516",
"CVE-2026-34517",
"CVE-2026-34518",
"CVE-2026-34519",
"CVE-2026-34520",
"CVE-2026-34525",
"CVE-2026-35536",
"CVE-2026-40217",
"CVE-2026-40347",
"CVE-2026-41066",
"CVE-2026-44307",
"CVE-2026-44431",
"CVE-2026-44432",
"CVE-2026-44681",
"CVE-2026-45309",
"CVE-2026-4539",
"CVE-2026-48522",
"CVE-2026-48523",
"CVE-2026-48524",
"CVE-2026-48525",
"CVE-2026-48526",
"CVE-2026-48710",
"CVE-2026-8838",
"ghsa-29h4-r29x-hchv",
"ghsa-29vq-49wr-vm6x",
"ghsa-2g68-c3qc-8985",
"ghsa-2h4p-vjrc-8xpq",
"ghsa-2vrm-gr82-f7m5",
"ghsa-3wq7-rqq7-wx6j",
"ghsa-5239-wwwm-4pmq",
"ghsa-53mr-6c8q-9789",
"ghsa-63hf-3vf5-4wqf",
"ghsa-68rp-wp8r-4726",
"ghsa-752w-5fwx-jx9f",
"ghsa-78cv-mqj4-43f7",
"ghsa-79v4-65xg-pq4g",
"ghsa-7f5h-v6xp-fcq8",
"ghsa-7gcm-g887-7qv7",
"ghsa-87hc-h4r5-73f7",
"ghsa-966j-vmvw-g2g9",
"ghsa-c427-h43c-vf67",
"ghsa-f9vj-2wh5-fj8j",
"ghsa-fqwm-6jpj-5wxc",
"ghsa-g794-3fmp-753h",
"ghsa-gc5v-m9x4-r6x2",
"ghsa-h4gh-qq45-vh27",
"ghsa-hcc4-c3v8-rx92",
"ghsa-hgf8-39gv-g3f2",
"ghsa-hrfv-mqp8-q5rw",
"ghsa-jj8c-mmj3-mmgv",
"ghsa-jjhc-v7c2-5hh6",
"ghsa-jr27-m4p2-rc6r",
"ghsa-m5qp-6w8w-w647",
"ghsa-m959-cc7f-wv43",
"ghsa-mf9v-mfxr-j63j",
"ghsa-mj87-hwqh-73pj",
"ghsa-mwh4-6h8g-pg8w",
"ghsa-p998-jp59-783m",
"ghsa-q34m-jh98-gwm2",
"ghsa-qccp-gfcp-xxvc",
"ghsa-qjxf-f2mg-c6mc",
"ghsa-r6ph-v2qm-q3c2",
"ghsa-r95x-qfjj-fjj2",
"ghsa-v92g-xgxw-vvmm",
"ghsa-vfmq-68hx-4jfw",
"ghsa-w2fm-2cpv-w7v5",
"ghsa-wxxx-gvqv-xp7p",
"ghsa-xqmj-j6mv-4862"
]
}
cleanstart-2026-wu03167
Vulnerability from cleanstart
Multiple security vulnerabilities affect the airflow-3 package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "airflow-3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.8-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the airflow-3 package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-WU03167",
"modified": "2026-06-07T16:45:27Z",
"published": "2026-07-09T09:57:39.854516Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WU03167.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46136"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-12797"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-34069"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-49766"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-49767"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-66221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-0994"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-21860"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-22815"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25645"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26007"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27199"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27448"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27459"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-30922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-31958"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32597"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34073"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34519"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34520"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40217"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40347"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41066"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44307"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-45309"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4539"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48522"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48523"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48524"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48525"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48526"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-8838"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-29h4-r29x-hchv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-29vq-49wr-vm6x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2g68-c3qc-8985"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2h4p-vjrc-8xpq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vrm-gr82-f7m5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wq7-rqq7-wx6j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-5239-wwwm-4pmq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-53mr-6c8q-9789"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-63hf-3vf5-4wqf"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-68rp-wp8r-4726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-752w-5fwx-jx9f"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-78cv-mqj4-43f7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-79v4-65xg-pq4g"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7f5h-v6xp-fcq8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7gcm-g887-7qv7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-87hc-h4r5-73f7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-966j-vmvw-g2g9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c427-h43c-vf67"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f9vj-2wh5-fj8j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fqwm-6jpj-5wxc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-g794-3fmp-753h"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gc5v-m9x4-r6x2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-h4gh-qq45-vh27"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hcc4-c3v8-rx92"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hgf8-39gv-g3f2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hrfv-mqp8-q5rw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jj8c-mmj3-mmgv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jjhc-v7c2-5hh6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jr27-m4p2-rc6r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m5qp-6w8w-w647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-m959-cc7f-wv43"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mf9v-mfxr-j63j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mj87-hwqh-73pj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mwh4-6h8g-pg8w"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p998-jp59-783m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-q34m-jh98-gwm2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qccp-gfcp-xxvc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qjxf-f2mg-c6mc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6ph-v2qm-q3c2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r95x-qfjj-fjj2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v92g-xgxw-vvmm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vfmq-68hx-4jfw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w2fm-2cpv-w7v5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wxxx-gvqv-xp7p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xqmj-j6mv-4862"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12797"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49766"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49767"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21860"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22815"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25645"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27199"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27448"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31958"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34073"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34519"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34520"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34525"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40217"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40347"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41066"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44307"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45309"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4539"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48522"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48523"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48524"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48525"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48526"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48710"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8838"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2023-46136, CVE-2024-12797, CVE-2024-34069, CVE-2024-49766, CVE-2024-49767, CVE-2025-62727, CVE-2025-66221, CVE-2026-0994, CVE-2026-21860, CVE-2026-22815, CVE-2026-25645, CVE-2026-26007, CVE-2026-27199, CVE-2026-27205, CVE-2026-27448, CVE-2026-27459, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-34073, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-35536, CVE-2026-40217, CVE-2026-40347, CVE-2026-41066, CVE-2026-44307, CVE-2026-44431, CVE-2026-44432, CVE-2026-44681, CVE-2026-45309, CVE-2026-4539, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, CVE-2026-48710, CVE-2026-8838, ghsa-29h4-r29x-hchv, ghsa-29vq-49wr-vm6x, ghsa-2g68-c3qc-8985, ghsa-2h4p-vjrc-8xpq, ghsa-2vrm-gr82-f7m5, ghsa-3wq7-rqq7-wx6j, ghsa-5239-wwwm-4pmq, ghsa-53mr-6c8q-9789, ghsa-63hf-3vf5-4wqf, ghsa-68rp-wp8r-4726, ghsa-752w-5fwx-jx9f, ghsa-78cv-mqj4-43f7, ghsa-79v4-65xg-pq4g, ghsa-7f5h-v6xp-fcq8, ghsa-7gcm-g887-7qv7, ghsa-87hc-h4r5-73f7, ghsa-966j-vmvw-g2g9, ghsa-c427-h43c-vf67, ghsa-f9vj-2wh5-fj8j, ghsa-fqwm-6jpj-5wxc, ghsa-g794-3fmp-753h, ghsa-gc5v-m9x4-r6x2, ghsa-h4gh-qq45-vh27, ghsa-hcc4-c3v8-rx92, ghsa-hgf8-39gv-g3f2, ghsa-hrfv-mqp8-q5rw, ghsa-jj8c-mmj3-mmgv, ghsa-jjhc-v7c2-5hh6, ghsa-jr27-m4p2-rc6r, ghsa-m5qp-6w8w-w647, ghsa-m959-cc7f-wv43, ghsa-mf9v-mfxr-j63j, ghsa-mj87-hwqh-73pj, ghsa-mwh4-6h8g-pg8w, ghsa-p998-jp59-783m, ghsa-q34m-jh98-gwm2, ghsa-qccp-gfcp-xxvc, ghsa-qjxf-f2mg-c6mc, ghsa-r6ph-v2qm-q3c2, ghsa-r95x-qfjj-fjj2, ghsa-v92g-xgxw-vvmm, ghsa-vfmq-68hx-4jfw, ghsa-w2fm-2cpv-w7v5, ghsa-wxxx-gvqv-xp7p, ghsa-xqmj-j6mv-4862 applied in versions: 3.1.8-r0, 3.1.8-r1, 3.1.8-r2, 3.1.8-r3",
"upstream": [
"CVE-2023-46136",
"CVE-2024-12797",
"CVE-2024-34069",
"CVE-2024-49766",
"CVE-2024-49767",
"CVE-2025-62727",
"CVE-2025-66221",
"CVE-2026-0994",
"CVE-2026-21860",
"CVE-2026-22815",
"CVE-2026-25645",
"CVE-2026-26007",
"CVE-2026-27199",
"CVE-2026-27205",
"CVE-2026-27448",
"CVE-2026-27459",
"CVE-2026-30922",
"CVE-2026-31958",
"CVE-2026-32597",
"CVE-2026-34073",
"CVE-2026-34513",
"CVE-2026-34514",
"CVE-2026-34515",
"CVE-2026-34516",
"CVE-2026-34517",
"CVE-2026-34518",
"CVE-2026-34519",
"CVE-2026-34520",
"CVE-2026-34525",
"CVE-2026-35536",
"CVE-2026-40217",
"CVE-2026-40347",
"CVE-2026-41066",
"CVE-2026-44307",
"CVE-2026-44431",
"CVE-2026-44432",
"CVE-2026-44681",
"CVE-2026-45309",
"CVE-2026-4539",
"CVE-2026-48522",
"CVE-2026-48523",
"CVE-2026-48524",
"CVE-2026-48525",
"CVE-2026-48526",
"CVE-2026-48710",
"CVE-2026-8838",
"ghsa-29h4-r29x-hchv",
"ghsa-29vq-49wr-vm6x",
"ghsa-2g68-c3qc-8985",
"ghsa-2h4p-vjrc-8xpq",
"ghsa-2vrm-gr82-f7m5",
"ghsa-3wq7-rqq7-wx6j",
"ghsa-5239-wwwm-4pmq",
"ghsa-53mr-6c8q-9789",
"ghsa-63hf-3vf5-4wqf",
"ghsa-68rp-wp8r-4726",
"ghsa-752w-5fwx-jx9f",
"ghsa-78cv-mqj4-43f7",
"ghsa-79v4-65xg-pq4g",
"ghsa-7f5h-v6xp-fcq8",
"ghsa-7gcm-g887-7qv7",
"ghsa-87hc-h4r5-73f7",
"ghsa-966j-vmvw-g2g9",
"ghsa-c427-h43c-vf67",
"ghsa-f9vj-2wh5-fj8j",
"ghsa-fqwm-6jpj-5wxc",
"ghsa-g794-3fmp-753h",
"ghsa-gc5v-m9x4-r6x2",
"ghsa-h4gh-qq45-vh27",
"ghsa-hcc4-c3v8-rx92",
"ghsa-hgf8-39gv-g3f2",
"ghsa-hrfv-mqp8-q5rw",
"ghsa-jj8c-mmj3-mmgv",
"ghsa-jjhc-v7c2-5hh6",
"ghsa-jr27-m4p2-rc6r",
"ghsa-m5qp-6w8w-w647",
"ghsa-m959-cc7f-wv43",
"ghsa-mf9v-mfxr-j63j",
"ghsa-mj87-hwqh-73pj",
"ghsa-mwh4-6h8g-pg8w",
"ghsa-p998-jp59-783m",
"ghsa-q34m-jh98-gwm2",
"ghsa-qccp-gfcp-xxvc",
"ghsa-qjxf-f2mg-c6mc",
"ghsa-r6ph-v2qm-q3c2",
"ghsa-r95x-qfjj-fjj2",
"ghsa-v92g-xgxw-vvmm",
"ghsa-vfmq-68hx-4jfw",
"ghsa-w2fm-2cpv-w7v5",
"ghsa-wxxx-gvqv-xp7p",
"ghsa-xqmj-j6mv-4862"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.