Common Weakness Enumeration

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CVE-2026-57019 (GCVE-0-2026-57019)

Vulnerability from cvelistv5 – Published: 2026-07-09 21:04 – Updated: 2026-07-10 13:29
VLAI
Title
Junos OS: MX Series: Specific traffic causes an FPC to reset
Summary
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered. Affected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE). When this issue happens the following logs can be observed: fpc<#> CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default fpc<#> Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default This issue affects Junos OS on MX Series: * all versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S4, * 24.4 versions before 24.4R2-S4, * 25.2 versions before 25.2R2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 23.2R2-S6 (custom)
Affected: 23.4 , < 23.4R2-S7 (custom)
Affected: 24.2 , < 24.2R2-S4 (custom)
Affected: 24.4 , < 24.4R2-S4 (custom)
Affected: 25.2 , < 25.2R2 (custom)
Create a notification for this product.
Date Public
2026-07-08 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-10T13:29:42.438982Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-10T13:29:55.755Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "23.2R2-S6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "23.4R2-S7",
              "status": "affected",
              "version": "23.4",
              "versionType": "custom"
            },
            {
              "lessThan": "24.2R2-S4",
              "status": "affected",
              "version": "24.2",
              "versionType": "custom"
            },
            {
              "lessThan": "24.4R2-S4",
              "status": "affected",
              "version": "24.4",
              "versionType": "custom"
            },
            {
              "lessThan": "25.2R2",
              "status": "affected",
              "version": "25.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-07-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cp\u003e\n\nWhen a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.\u003c/p\u003e\u003cp\u003eAffected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).\u003c/p\u003e\u003cp\u003eWhen this issue happens the following logs can be observed:\u003c/p\u003e\u003ctt\u003efpc\u0026lt;#\u0026gt; CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default\u003cbr\u003e\u003c/tt\u003e\u003ctt\u003efpc\u0026lt;#\u0026gt; Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default\u003c/tt\u003e\u003cp\u003e\n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on MX Series:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S6,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S4,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\n\nWhen a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.\n\nAffected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).\n\nWhen this issue happens the following logs can be observed:\n\nfpc\u003c#\u003e CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default\nfpc\u003c#\u003e Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default\n\n\n\n\nThis issue affects Junos OS on MX Series:\n\n\n  *  all versions before 23.2R2-S6,\n  *  23.4 versions before 23.4R2-S7,\n  *  24.2 versions before 24.2R2-S4,\n  *  24.4 versions before 24.4R2-S4,\n  *  25.2 versions before 25.2R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T21:04:41.927Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA110079"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S6, 23.4R2-S7, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 23.2R2-S6, 23.4R2-S7, 24.2R2-S4, 24.4R2-S4, 25.2R2, 25.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA110079",
        "defect": [
          "1912053"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: MX Series: Specific traffic causes an FPC to reset",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-57019",
    "datePublished": "2026-07-09T21:04:41.927Z",
    "dateReserved": "2026-06-23T16:27:00.248Z",
    "dateUpdated": "2026-07-10T13:29:55.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57023 (GCVE-0-2026-57023)

Vulnerability from cvelistv5 – Published: 2026-07-09 21:06 – Updated: 2026-07-10 15:28
VLAI
Title
Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash
Summary
An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS). When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered. This issue affects Junos OS on MX with SPC3, and SRX Series:  * 23.4 versions before 23.4R2-S7,  * 24.2 versions before 24.2R2-S4,  * 24.4 versions before 24.4R2-S3, * 25.2 versions before 25.2R2. This issue does not affect releases before 23.4R1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 23.4 , < 23.4R2-S7 (custom)
Affected: 24.2 , < 24.2R2-S4 (custom)
Affected: 24.4 , < 24.4R2-S3 (custom)
Affected: 25.2 , < 25.2R2 (custom)
Create a notification for this product.
Date Public
2026-07-08 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57023",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-10T15:28:39.605123Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-10T15:28:45.274Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "SRX Series",
            "MX Series with SPC3"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "23.4R2-S7",
              "status": "affected",
              "version": "23.4",
              "versionType": "custom"
            },
            {
              "lessThan": "24.2R2-S4",
              "status": "affected",
              "version": "24.2",
              "versionType": "custom"
            },
            {
              "lessThan": "24.4R2-S3",
              "status": "affected",
              "version": "24.4",
              "versionType": "custom"
            },
            {
              "lessThan": "25.2R2",
              "status": "affected",
              "version": "25.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-07-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen TCP proxy is engaged in a flow session, to support ALGs,\u0026nbsp;Advanced Anti-Malware, ICAP\u0026nbsp;or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\u003cbr\u003e\n\n\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on MX with SPC3, and SRX Series:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S3,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue does not affect releases before 23.4R1.\u003c/p\u003e"
            }
          ],
          "value": "An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).\n\nWhen TCP proxy is engaged in a flow session, to support ALGs,\u00a0Advanced Anti-Malware, ICAP\u00a0or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.\n\n\n\nThis issue affects Junos OS on MX with SPC3, and SRX Series:\u00a0\n\n\n\n  *  23.4 versions before 23.4R2-S7,\u00a0\n  *  24.2 versions before 24.2R2-S4,\u00a0\n  *  24.4 versions before 24.4R2-S3,\n  *  25.2 versions before 25.2R2.\n\n\n\n\nThis issue does not affect releases before 23.4R1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T21:06:34.219Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA110083"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S7, 24.2R2-S4, 24.4R2-S3, 25.2R2, 25.4R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA110083",
        "defect": [
          "1918795"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd crash",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue."
            }
          ],
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2026-57023",
    "datePublished": "2026-07-09T21:06:34.219Z",
    "dateReserved": "2026-06-23T16:27:00.248Z",
    "dateUpdated": "2026-07-10T15:28:45.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57053 (GCVE-0-2026-57053)

Vulnerability from cvelistv5 – Published: 2026-06-23 16:40 – Updated: 2026-06-23 17:40
VLAI
Summary
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
GNU libidn Affected: 0 , < 1.44 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T17:40:08.293205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T17:40:14.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libidn",
          "vendor": "GNU",
          "versions": [
            {
              "lessThan": "1.44",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gnu:libidn:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.44",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU libidn before 1.44 is prone to out-of-bounds reads of\u00a0uninitialized memory in the ToUnicode APIs because of mishandling in\u00a0idna_to_unicode_internal. The affected code is not present in libidn2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T16:40:22.947Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://lists.gnu.org/archive/html/help-libidn/2026-06/msg00001.html"
        },
        {
          "url": "https://lists.gnu.org/archive/html/help-libidn/2026-05/msg00000.html"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-57053",
    "datePublished": "2026-06-23T16:40:22.947Z",
    "dateReserved": "2026-06-23T16:40:22.560Z",
    "dateUpdated": "2026-06-23T17:40:14.173Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57062 (GCVE-0-2026-57062)

Vulnerability from cvelistv5 – Published: 2026-06-23 17:26 – Updated: 2026-06-23 17:35
VLAI
Summary
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
GnuPG GnuPG Affected: 0 , ≤ 2.5.20 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T17:35:24.722258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T17:35:30.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GnuPG",
          "vendor": "GnuPG",
          "versions": [
            {
              "lessThanOrEqual": "2.5.20",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "2.5.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-23T17:26:25.133Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://blog.calif.io/p/how-to-format-a-ciphertext"
        },
        {
          "url": "https://www.gnupg.org/download/"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-57062",
    "datePublished": "2026-06-23T17:26:25.133Z",
    "dateReserved": "2026-06-23T17:26:24.801Z",
    "dateUpdated": "2026-06-23T17:35:30.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57623 (GCVE-0-2026-57623)

Vulnerability from cvelistv5 – Published: 2026-07-02 11:15 – Updated: 2026-07-02 14:37
VLAI
Title
WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability
Summary
Unauthenticated Arbitrary Code Execution in W3 Total Cache <= 2.9.4 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
BoldGrid W3 Total Cache Affected: n/a , ≤ 2.9.4 (custom)
Create a notification for this product.
Credits
Ananda Dhakal (Patchstack) | Patchstack Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57623",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T14:37:09.943172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T14:37:19.947Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "W3 Total Cache",
          "vendor": "BoldGrid",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.10.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.9.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ananda Dhakal (Patchstack) | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unauthenticated Arbitrary Code Execution in W3 Total Cache \u003c= 2.9.4 versions."
            }
          ],
          "value": "Unauthenticated Arbitrary Code Execution in W3 Total Cache \u003c= 2.9.4 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T11:26:52.456Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/w3-total-cache/vulnerability/wordpress-w3-total-cache-plugin-2-9-4-arbitrary-code-execution-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress W3 Total Cache Plugin to the latest available version (at least 2.10.0)."
            }
          ],
          "value": "Update the WordPress W3 Total Cache Plugin to the latest available version (at least 2.10.0)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress W3 Total Cache plugin \u003c= 2.9.4 - Arbitrary Code Execution vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-57623",
    "datePublished": "2026-07-02T11:15:25.775Z",
    "dateReserved": "2026-06-25T08:03:02.838Z",
    "dateUpdated": "2026-07-02T14:37:19.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-59879 (GCVE-0-2026-59879)

Vulnerability from cvelistv5 – Published: 2026-07-08 15:47 – Updated: 2026-07-08 19:41
VLAI
Title
Immutable.js `List` 32-bit trie overflow → unrecoverable DoS
Summary
Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List to enter an uncatchable infinite loop, a populated List to allocate without bound until process abort, or setSize to silently wrap large values. This issue is fixed in versions 4.3.9 and 5.1.8.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-190 - Integer Overflow or Wraparound
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
immutable-js immutable-js Affected: >= 5.0.0-beta.1, < 5.1.8
Affected: < 4.3.9
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-59879",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T17:51:48.441737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T19:41:12.330Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "immutable-js",
          "vendor": "immutable-js",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-beta.1, \u003c 5.1.8"
            },
            {
              "status": "affected",
              "version": "\u003c 4.3.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List#set, List#setSize, List#setIn, List#updateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 ** 30 to 2 ** 31 in setListBounds in src/List.js, causing an empty List to enter an uncatchable infinite loop, a populated List to allocate without bound until process abort, or setSize to silently wrap large values. This issue is fixed in versions 4.3.9 and 5.1.8."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T15:47:24.885Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-v56q-mh7h-f735"
        },
        {
          "name": "https://github.com/immutable-js/immutable-js/commit/a1a1ee412dcaa380ab325196283d06594ffe4b84",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/immutable-js/immutable-js/commit/a1a1ee412dcaa380ab325196283d06594ffe4b84"
        },
        {
          "name": "https://github.com/immutable-js/immutable-js/commit/f0bc997d8eb9886aff2236635aa210a95a04304a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/immutable-js/immutable-js/commit/f0bc997d8eb9886aff2236635aa210a95a04304a"
        },
        {
          "name": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.9"
        },
        {
          "name": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.8"
        }
      ],
      "source": {
        "advisory": "GHSA-v56q-mh7h-f735",
        "discovery": "UNKNOWN"
      },
      "title": "Immutable.js `List` 32-bit trie overflow \u2192 unrecoverable DoS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-59879",
    "datePublished": "2026-07-08T15:47:24.885Z",
    "dateReserved": "2026-07-07T16:40:07.982Z",
    "dateUpdated": "2026-07-08T19:41:12.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-59930 (GCVE-0-2026-59930)

Vulnerability from cvelistv5 – Published: 2026-07-08 16:13 – Updated: 2026-07-09 13:54
VLAI
Title
Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content
Summary
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id="toc_N" content to collide with generated anchors and redirect same-page navigation, CSS selectors, or JavaScript handlers. This issue is fixed in version 3.3.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-345 - Insufficient Verification of Data Authenticity
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
lepture mistune Affected: < 3.3.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-59930",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-09T13:53:53.247241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-09T13:54:33.627Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/lepture/mistune/security/advisories/GHSA-2hm2-hc3v-44h9"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mistune",
          "vendor": "lepture",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable toc_N values without slugifying the heading text, allowing attacker-controlled id=\"toc_N\" content to collide with generated anchors and redirect same-page navigation, CSS selectors, or JavaScript handlers. This issue is fixed in version 3.3.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T16:13:21.999Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/lepture/mistune/security/advisories/GHSA-2hm2-hc3v-44h9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/lepture/mistune/security/advisories/GHSA-2hm2-hc3v-44h9"
        },
        {
          "name": "https://github.com/lepture/mistune/commit/c4093c4742ed0d10d9332fb8edb455869b7b581b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lepture/mistune/commit/c4093c4742ed0d10d9332fb8edb455869b7b581b"
        },
        {
          "name": "https://github.com/lepture/mistune/releases/tag/v3.3.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lepture/mistune/releases/tag/v3.3.0"
        }
      ],
      "source": {
        "advisory": "GHSA-2hm2-hc3v-44h9",
        "discovery": "UNKNOWN"
      },
      "title": "Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id=\"toc_N\"` content"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-59930",
    "datePublished": "2026-07-08T16:13:21.999Z",
    "dateReserved": "2026-07-07T18:20:06.126Z",
    "dateUpdated": "2026-07-09T13:54:33.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-59997 (GCVE-0-2026-59997)

Vulnerability from cvelistv5 – Published: 2026-07-08 00:09 – Updated: 2026-07-08 12:52
VLAI
Summary
internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
OpenBSD OpenSSH Affected: 0 , < 10.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-59997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T12:52:00.795684Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T12:52:08.430Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSH",
          "vendor": "OpenBSD",
          "versions": [
            {
              "lessThan": "10.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T00:09:04.920Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/07/06/5"
        },
        {
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=178333966933090\u0026w=2"
        },
        {
          "url": "https://www.openssh.org/releasenotes.html#10.4p1"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-59997",
    "datePublished": "2026-07-08T00:09:04.920Z",
    "dateReserved": "2026-07-08T00:09:04.544Z",
    "dateUpdated": "2026-07-08T12:52:08.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6839 (GCVE-0-2026-6839)

Vulnerability from cvelistv5 – Published: 2026-04-22 06:07 – Updated: 2026-04-22 12:30
VLAI
Summary
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper validation of specified quantity in input
References
Impacted products
Vendor Product Version
Samsung Open Source ONE Affected: 1.30.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6839",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T12:29:51.595229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T12:30:25.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ONE",
          "vendor": "Samsung Open Source",
          "versions": [
            {
              "status": "affected",
              "version": "1.30.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\u003cbr\u003eAffected version is prior to commit  1.30.0."
            }
          ],
          "value": "Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE\nAffected version is prior to commit  1.30.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T06:07:06.857Z",
        "orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
        "shortName": "samsung.tv_appliance"
      },
      "references": [
        {
          "url": "https://github.com/Samsung/ONE/pull/16481"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe",
    "assignerShortName": "samsung.tv_appliance",
    "cveId": "CVE-2026-6839",
    "datePublished": "2026-04-22T06:07:06.857Z",
    "dateReserved": "2026-04-22T06:03:50.823Z",
    "dateUpdated": "2026-04-22T12:30:25.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6915 (GCVE-0-2026-6915)

Vulnerability from cvelistv5 – Published: 2026-04-29 16:51 – Updated: 2026-04-29 17:49
VLAI
Title
Flaw in the updateUser Command May Allow Unauthorized Configuration Change
Summary
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper validation of specified quantity in input
Assigner
References
Impacted products
Vendor Product Version
MongoDB MongoDB Server Affected: 8.2.0 , < 8.2.7 (custom)
Affected: 8.0.0 , < 8.0.21 (custom)
Affected: 7.0.0 , < 7.0.32 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T17:49:12.354730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T17:49:18.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB",
          "versions": [
            {
              "lessThan": "8.2.7",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.21",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.32",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account."
            }
          ],
          "value": "An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-29T16:51:01.903Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "url": "https://jira.mongodb.org/browse/SERVER-119679"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Flaw in the updateUser Command May Allow Unauthorized Configuration Change",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2026-6915",
    "datePublished": "2026-04-29T16:51:01.903Z",
    "dateReserved": "2026-04-23T14:59:47.210Z",
    "dateUpdated": "2026-04-29T17:49:18.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-5

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page