Common Weakness Enumeration

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

CVE-2025-8672 (GCVE-0-2025-8672)

Vulnerability from cvelistv5 – Published: 2025-08-11 12:21 – Updated: 2025-08-11 19:45 X_Open Source
VLAI
Title
TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app
Summary
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent. This issue has been fixed in 3.1.4.2 version of GIMP.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
GIMP GIMP Affected: 0 , < 3.1.4.2 (custom)
Create a notification for this product.
Date Public
2025-08-11 12:00
Credits
Karol Mazurek - Afine Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8672",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-11T19:45:01.431476Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-11T19:45:08.822Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "GIMP",
          "repo": "https://gitlab.gnome.org/GNOME/gimp/",
          "vendor": "GIMP",
          "versions": [
            {
              "lessThan": "3.1.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Karol Mazurek - Afine Team"
        }
      ],
      "datePublic": "2025-08-11T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "MacOS version of GIMP bundles a \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePython\u003c/span\u003e interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker\u0027s malicious intent.\u003cbr\u003e\u003cbr\u003eThis issue has been fixed in 3.1.4.2 version of GIMP.\u003cbr\u003e"
            }
          ],
          "value": "MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions\ngranted by the user to the main application bundle. An attacker with local user access can\ninvoke this interpreter with arbitrary commands or scripts, leveraging the\napplication\u0027s previously granted TCC permissions to access user\u0027s files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker\u0027s malicious intent.\n\nThis issue has been fixed in 3.1.4.2 version of GIMP."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-11T15:13:02.758Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://gitlab.gnome.org/Infrastructure/gimp-macos-build"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/08/tcc-bypass/"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/13848"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-8672",
    "datePublished": "2025-08-11T12:21:48.487Z",
    "dateReserved": "2025-08-06T12:01:36.272Z",
    "dateUpdated": "2025-08-11T19:45:08.822Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8766 (GCVE-0-2025-8766)

Vulnerability from cvelistv5 – Published: 2026-03-13 02:48 – Updated: 2026-07-15 01:24
VLAI
Title
Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
Summary
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782932114 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782931768 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782932104 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783536000 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783535989 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783536515 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782932521 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783018461 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783018421 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782932812 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783537001 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782932919 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783537586 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782932969 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782933015 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782933042 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783537392 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782933235 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782933251 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783537955 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782933417 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783537742 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782933602 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1783019377 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782934054 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782934036 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Red Hat Red Hat Openshift Data Foundation 4.22 Unaffected: 1782934284 , < * (rpm)
    cpe:/a:redhat:openshift_data_foundation:4.22::el9
Create a notification for this product.
Date Public
2026-03-13 02:37
Credits
Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8766",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-13T14:13:26.491349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-13T14:13:35.211Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/cephcsi-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782932114",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/cephcsi-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782931768",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/devicefinder-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782932104",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/mcg-core-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783536000",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/mcg-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783535989",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/ocs-client-console-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783536515",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/ocs-client-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782932521",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/ocs-metrics-exporter-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783018461",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/ocs-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783018421",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-blackbox-exporter-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782932812",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-cli-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783537001",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-cloudnative-pg-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782932919",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-console-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783537586",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-cosi-sidecar-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782932969",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-csi-addons-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782933015",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782933042",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-drbd-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783537392",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-external-snapshotter-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782933235",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-external-snapshotter-sidecar-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782933251",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-multicluster-console-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783537955",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-multicluster-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782933417",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-must-gather-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783537742",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odf-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782933602",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odr-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1783019377",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odr-volsync-plugin-mover-rhel9",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782934054",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/odr-volsync-plugin-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782934036",
                "versionType": "rpm"
              }
            ]
          },
          {
            "collectionURL": "https://catalog.redhat.com/software/containers/",
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
            ],
            "defaultStatus": "affected",
            "packageName": "odf4/rook-ceph-rhel9-operator",
            "product": "Red Hat Openshift Data Foundation 4.22",
            "vendor": "Red Hat",
            "versions": [
              {
                "lessThan": "*",
                "status": "unaffected",
                "version": "1782934284",
                "versionType": "rpm"
              }
            ]
          }
        ],
        "datePublic": "2026-03-13T02:37:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T01:24:27.891Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-8766"
          },
          {
            "name": "RHBZ#2387265",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387265"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8766.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:37387"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-08-08T16:08:17.737Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-13T02:37:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/cephcsi-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782932114",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/cephcsi-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782931768",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/devicefinder-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782932104",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-core-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783536000",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/mcg-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783535989",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-console-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783536515",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-client-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782932521",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-metrics-exporter-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783018461",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/ocs-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783018421",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-blackbox-exporter-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782932812",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cli-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783537001",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cloudnative-pg-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782932919",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-console-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783537586",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-cosi-sidecar-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782932969",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782933015",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-csi-addons-sidecar-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782933042",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-drbd-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783537392",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-external-snapshotter-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782933235",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-external-snapshotter-sidecar-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782933251",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-console-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783537955",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-multicluster-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782933417",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-must-gather-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783537742",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odf-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782933602",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1783019377",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-volsync-plugin-mover-rhel9",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782934054",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/odr-volsync-plugin-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782934036",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "odf4/rook-ceph-rhel9-operator",
          "product": "Red Hat Openshift Data Foundation 4.22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782934284",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue."
        }
      ],
      "datePublic": "2026-03-13T02:37:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-09T15:03:31.630Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2026:37387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:37387"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-8766"
        },
        {
          "name": "RHBZ#2387265",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387265"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-08T16:08:17.737Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-13T02:37:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-276: Incorrect Default Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-8766",
    "datePublished": "2026-03-13T02:48:19.748Z",
    "dateReserved": "2025-08-08T16:07:52.076Z",
    "dateUpdated": "2026-07-15T01:24:27.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9190 (GCVE-0-2025-9190)

Vulnerability from cvelistv5 – Published: 2025-08-26 12:22 – Updated: 2025-08-26 13:58 X_Open Source
VLAI
Title
TCC Bypass via misconfigured Node fuses in Cursor
Summary
The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Cursor, potentially disguising attacker's malicious intent. This issue was detected in 15.4.1 version of Cursor. Project maintainers decided not to fix this issue, because a scenario including a local attacker falls outside their defined threat model.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
Impacted products
Vendor Product Version
Cursor Cursor Affected: 15.4.1
Create a notification for this product.
Date Public
2025-08-26 12:19
Credits
Karol Mazurek - AFINE Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9190",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T13:55:08.869238Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T13:58:15.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "MacOS"
          ],
          "product": "Cursor",
          "repo": "https://github.com/cursor/cursor",
          "vendor": "Cursor",
          "versions": [
            {
              "status": "affected",
              "version": "15.4.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Karol Mazurek - AFINE Team"
        }
      ],
      "datePublic": "2025-08-26T12:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The configuration of Cursor on macOS, specifically the \"RunAsNode\" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. \u003cbr\u003eAcquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Cursor, potentially disguising attacker\u0027s malicious intent. \u003cbr\u003e\u003cbr\u003eThis issue was detected in 15.4.1 version of Cursor. Project maintainers decided not to fix this issue, because a scenario including a local attacker falls outside their defined threat model.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The configuration of Cursor on macOS, specifically the \"RunAsNode\" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. \nAcquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Cursor, potentially disguising attacker\u0027s malicious intent. \n\nThis issue was detected in 15.4.1 version of Cursor. Project maintainers decided not to fix this issue, because a scenario including a local attacker falls outside their defined threat model."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-26T12:22:59.617Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://afine.com/threat-of-tcc-bypasses-on-macos/#cooking-cursor-app"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/cursor/cursor"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/posts/2025/08/tcc-bypass/"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/cursor/cursor/security/advisories/GHSA-xp8w-f7f4-r544"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "TCC Bypass via misconfigured Node fuses in Cursor",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-9190",
    "datePublished": "2025-08-26T12:22:59.617Z",
    "dateReserved": "2025-08-19T16:54:31.345Z",
    "dateUpdated": "2025-08-26T13:58:15.556Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-0432 (GCVE-0-2026-0432)

Vulnerability from cvelistv5 – Published: 2026-05-15 01:46 – Updated: 2026-05-16 03:56
VLAI
Summary
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
AMD
Impacted products
Vendor Product Version
AMD AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 7040 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 7020 Series Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 7045 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 7000 Series Desktop Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 3000 Series Desktop Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 3000 WX-Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 3000 Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 9000HX Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ AI 300 Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 5000 WX-Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ 7000 Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ Threadripper™ PRO 7000 WX-Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 8000 Series Desktop Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 9000 Series Desktop Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 4000 Series Desktop Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 5000 Series Desktop Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 8040 Series Mobile Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ AI Max 300 Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ AI 400 Series Processors Unaffected: AMD Ryzen™ Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD Ryzen™ Embedded R1000 Series Processors Unaffected: Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)
Create a notification for this product.
AMD AMD Ryzen™ Embedded R2000 Series Processors Unaffected: Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)
Create a notification for this product.
AMD AMD Ryzen™ Embedded V1000 Series Processors (formerly codenamed "Raven Ridge") Unaffected: Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)
Create a notification for this product.
AMD AMD Ryzen™ Embedded V2000 Series Processors Unaffected: Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)
Create a notification for this product.
AMD AMD EPYC™ Embedded 8004 Series Processors Unaffected: Q2-2026 AMD Emb Win Chipset drivers[Venice,Turin,Siena](72501)
Create a notification for this product.
AMD AMD Ryzen™ Embedded 8000 Series Processors Unaffected: Q1- 2026 AMD Embedded Ryzen7000,Ryzen8000,Ryzen9000 Windows Chipset driver (72244)
Create a notification for this product.
AMD AMD Ryzen™ Embedded 7000 Series Processors Unaffected: Q1- 2026 AMD Embedded Ryzen7000,Ryzen8000,Ryzen9000 Windows Chipset driver (72244)
Create a notification for this product.
AMD AMD EPYC™ Embedded 9005 Series Processors Unaffected: Q2-2026 AMD Emb Win Chipset drivers[Venice,Turin,Siena](72501)
Create a notification for this product.
AMD AMD Ryzen™ Embedded 9000 Series Processors Unaffected: Q1- 2026 AMD Embedded Ryzen7000,Ryzen8000,Ryzen9000 Windows Chipset driver (72244)
Create a notification for this product.
AMD AMD EPYC™ 9004 Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 7003 Series Processors Unaffected: AMD Server Software 8.03.14.329
Create a notification for this product.
AMD AMD EPYC™ 7002 Series Processors Unaffected: AMD Server Software 8.03.14.329
Create a notification for this product.
AMD AMD EPYC™ 7001 Series Processors Unaffected: AMD Server Software 8.03.14.329
Create a notification for this product.
AMD AMD EPYC™ 4004 Series Processors Unaffected: AMD Chipset Driver 8.01.20.513
Create a notification for this product.
AMD AMD EPYC™ 9005 Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD Instinct™ MI300A Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 9V64H Processor Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 8004 Series Processors Unaffected: AMD Server Software 8.03.16.641
Create a notification for this product.
AMD AMD EPYC™ 4005 Series Processors Unaffected: AMD Chipset Driver 8.01.20.513
Create a notification for this product.
Date Public
2026-05-15 01:44
Credits
Reported through AMD Bug Bounty Program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-16T03:56:10.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7035 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7045 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 3000 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000HX Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Athlon\u2122 3000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 5000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 7000 Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 7000 WX-Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 9000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 8040 Series Mobile Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 6000 Series Processors with Radeon\u2122 Graphics",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI Max 300 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 AI 400 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Ryzen\u2122 Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R1000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded R2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V1000 Series Processors (formerly codenamed \"Raven Ridge\")",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1 - 2026 AMD Embedded V1000,R1000,R2000,V2000 Windows Chipset driver (72258)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2-2026 AMD Emb Win Chipset drivers[Venice,Turin,Siena](72501)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 8000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1- 2026 AMD Embedded Ryzen7000,Ryzen8000,Ryzen9000 Windows Chipset driver (72244)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 7000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1- 2026 AMD Embedded Ryzen7000,Ryzen8000,Ryzen9000 Windows Chipset driver (72244)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 Embedded 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q2-2026 AMD Emb Win Chipset drivers[Venice,Turin,Siena](72501)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Ryzen\u2122 Embedded 9000 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "Q1- 2026 AMD Embedded Ryzen7000,Ryzen8000,Ryzen9000 Windows Chipset driver (72244)"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7003 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.14.329"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7002 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.14.329"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 7001 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.14.329"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Chipset Driver 8.01.20.513"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 9V64H Processor",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 8004 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Server Software 8.03.16.641"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD EPYC\u2122 4005 Series Processors",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "AMD Chipset Driver 8.01.20.513"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Reported through AMD Bug Bounty Program"
        }
      ],
      "datePublic": "2026-05-15T01:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.\u003cbr\u003e"
            }
          ],
          "value": "Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276  Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T01:46:53.761Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4015.html"
        },
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3047.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2026-0432",
    "datePublished": "2026-05-15T01:46:24.662Z",
    "dateReserved": "2025-12-06T13:53:34.788Z",
    "dateUpdated": "2026-05-16T03:56:10.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0539 (GCVE-0-2026-0539)

Vulnerability from cvelistv5 – Published: 2026-04-22 13:02 – Updated: 2026-04-22 14:09
VLAI
Title
Local Privilege Escalation in pcvisit service client
Summary
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
URL Tags
https://www.pcvisit.de/kundenbereich/release-notes release-notes
https://labs.infoguard.ch/advisories/cve-2026-053… third-party-advisorytechnical-description
Impacted products
Vendor Product Version
pcvisit pcvisit Remote Host Modul Affected: 22.6.22.1329 , < 25.12.3.1745 (custom)
Unaffected: 0 , < 22.6.22.1329 (custom)
Unaffected: 25.12.3.1745
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:06:45.464940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:09:01.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "pcvisit Remote Host Modul",
          "vendor": "pcvisit",
          "versions": [
            {
              "lessThan": "25.12.3.1745",
              "status": "affected",
              "version": "22.6.22.1329",
              "versionType": "custom"
            },
            {
              "lessThan": "22.6.22.1329",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "25.12.3.1745"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after\u0026nbsp;22.6.22.1329 and was fixed in 25.12.3.1745."
            }
          ],
          "value": "Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\\SYSTEM privileges on boot. This issue affects all versions after\u00a022.6.22.1329 and was fixed in 25.12.3.1745."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T13:02:01.750Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://www.pcvisit.de/kundenbereich/release-notes"
        },
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://labs.infoguard.ch/advisories/cve-2026-0539_pcvisit_local-privilege-escalation/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Local Privilege Escalation in pcvisit service client",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2026-0539",
    "datePublished": "2026-04-22T13:02:01.750Z",
    "dateReserved": "2025-12-23T13:06:22.032Z",
    "dateUpdated": "2026-04-22T14:09:01.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0705 (GCVE-0-2026-0705)

Vulnerability from cvelistv5 – Published: 2026-01-27 16:43 – Updated: 2026-01-27 18:22
VLAI
Summary
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Acronis Acronis Cloud Manager Affected: unspecified , < 6.4.25342.354 (semver)
Create a notification for this product.
Credits
@satz4797 (https://hackerone.com/satz4797)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-27T18:20:23.866068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-27T18:22:08.142Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Acronis Cloud Manager",
          "vendor": "Acronis",
          "versions": [
            {
              "lessThan": "6.4.25342.354",
              "status": "affected",
              "version": "unspecified",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "@satz4797 (https://hackerone.com/satz4797)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-27T16:43:42.575Z",
        "orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
        "shortName": "Acronis"
      },
      "references": [
        {
          "name": "SEC-7316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security-advisory.acronis.com/advisories/SEC-7316"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
    "assignerShortName": "Acronis",
    "cveId": "CVE-2026-0705",
    "datePublished": "2026-01-27T16:43:42.575Z",
    "dateReserved": "2026-01-08T02:16:38.875Z",
    "dateUpdated": "2026-01-27T18:22:08.142Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11931 (GCVE-0-2026-11931)

Vulnerability from cvelistv5 – Published: 2026-06-15 18:33 – Updated: 2026-06-15 20:08
VLAI
Title
Insecure Permissions on Authentication Token Cache File in Kiro IDE
Summary
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect default permissions
Assigner
Impacted products
Vendor Product Version
AWS Kiro IDE Affected: 0 , < 0.11.133 (custom)
Create a notification for this product.
Date Public
2026-06-15 18:18
Credits
BeyondTrust Phantom Labs
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-15T20:08:01.322028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-15T20:08:12.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux",
            "MacOS"
          ],
          "product": "Kiro IDE",
          "vendor": "AWS",
          "versions": [
            {
              "lessThan": "0.11.133",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:aws:kiro_ide:*:*:linux:*:*:*:*:*",
                  "versionEndExcluding": "0.11.133",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:aws:kiro_ide:*:*:macos:*:*:*:*:*",
                  "versionEndExcluding": "0.11.133",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "BeyondTrust Phantom Labs"
        }
      ],
      "datePublic": "2026-06-15T18:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIncorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600).\u003c/p\u003e\u003cp\u003eTo remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating.\u003c/p\u003e"
            }
          ],
          "value": "Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600).\n\n\n\nTo remediate this issue, users should upgrade to Kiro IDE version 0.11.133 or later. After upgrading and restarting the application, the cache file permissions are automatically updated on the next token refresh. Users operating in a multi-user environment can invalidate existing tokens by reauthenticating."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect default permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-15T18:33:27.898Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://kiro.dev/changelog/ide/0-11/#patch-0-11-133"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/2026-045-aws/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insecure Permissions on Authentication Token Cache File in Kiro IDE",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2026-11931",
    "datePublished": "2026-06-15T18:33:27.898Z",
    "dateReserved": "2026-06-10T18:47:16.836Z",
    "dateUpdated": "2026-06-15T20:08:12.566Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12602 (GCVE-0-2026-12602)

Vulnerability from cvelistv5 – Published: 2026-06-22 12:34 – Updated: 2026-06-22 15:52
VLAI
Title
Incorrect permissions in ArubaSign by Aruba
Summary
Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive permissions for the ‘Everyone’ group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect default permissions
Assigner
Impacted products
Vendor Product Version
Aruba ArubaSign Affected: 0 , < 4.6.6 (custom)
Create a notification for this product.
Date Public
2026-06-22 12:31
Credits
Andrea Intilangelo (acme)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T15:52:10.919361Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T15:52:23.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ArubaSign",
          "vendor": "Aruba",
          "versions": [
            {
              "lessThan": "4.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrea Intilangelo (acme)"
        }
      ],
      "datePublic": "2026-06-22T12:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software\u2019s default installation, whereby the main executable and other programme files located in C:\\Program Files have excessive permissions for the \u2018Everyone\u2019 group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity."
            }
          ],
          "value": "Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software\u2019s default installation, whereby the main executable and other programme files located in C:\\Program Files have excessive permissions for the \u2018Everyone\u2019 group. This could allow an unprivileged user to replace the main executable and/or its components with a malicious file, thereby enabling the execution of arbitrary code. In the worst-case scenario, if the malicious code is executed with elevated privileges (such as those of Administrator or SYSTEM), the attacker could escalate privileges and gain full control of the system, compromising both security and data integrity."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect default permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T12:34:49.092Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/incorrect-permissions-arubasign-aruba"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "No solution has been reported as yet."
            }
          ],
          "value": "No solution has been reported as yet."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Incorrect permissions in ArubaSign by Aruba",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2026-12602",
    "datePublished": "2026-06-22T12:34:49.092Z",
    "dateReserved": "2026-06-18T11:18:05.156Z",
    "dateUpdated": "2026-06-22T15:52:23.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12823 (GCVE-0-2026-12823)

Vulnerability from cvelistv5 – Published: 2026-06-21 23:45 – Updated: 2026-07-03 04:05
VLAI
Title
Browserbase Skills Autobrowse Trace Artifact default permission
Summary
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The first version of the CVE listed Browserbase itself as affected product. This was incorrect as this issue does affect browserbase/skills instead. The vendor was contacted early about this disclosure.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
Browserbase Skills Affected: 20260526
    cpe:2.3:a:browserbase:skills:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
vaibhavnarkhede (VulDB User) vaibhavnarkhede (VulDB User) VulDB CNA Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12823",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T14:02:23.565503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T14:19:20.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:browserbase:skills:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Autobrowse Trace Artifact Handler"
          ],
          "product": "Skills",
          "vendor": "Browserbase",
          "versions": [
            {
              "status": "affected",
              "version": "20260526"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "vaibhavnarkhede (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "vaibhavnarkhede (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The first version of the CVE listed Browserbase itself as affected product. This was incorrect as this issue does affect browserbase/skills instead. The vendor was contacted early about this disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T04:05:07.713Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-372613 | Browserbase Skills Autobrowse Trace Artifact default permission",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/372613"
        },
        {
          "name": "VDB-372613 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/372613/cti"
        },
        {
          "name": "CVE-2026-12823 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-12823"
        },
        {
          "name": "Submit #837600 | Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/837600"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-12823%20-%20Browserbase%20Skills%20Autobrowse%20Trace%20Artifact%20Insecure%20File%20Permissions/Advisory.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-12823%20-%20Browserbase%20Skills%20Autobrowse%20Trace%20Artifact%20Insecure%20File%20Permissions/poc.sh"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-03T06:09:55.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Browserbase Skills Autobrowse Trace Artifact default permission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-12823",
    "datePublished": "2026-06-21T23:45:08.247Z",
    "dateReserved": "2026-06-21T13:17:40.650Z",
    "dateUpdated": "2026-07-03T04:05:07.713Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2026 (GCVE-0-2026-2026)

Vulnerability from cvelistv5 – Published: 2026-02-13 16:14 – Updated: 2026-02-13 16:58
VLAI
Title
Improper Access Control Allows Denial of Service
Summary
A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
Vendor Product Version
Tenable Agent Affected: 11.1.0 , < 11.1.2 (semver)
Affected: 0 , < 11.0.4 (semver)
Create a notification for this product.
Date Public
2026-02-12 19:00
Credits
Lockheed Martin Red Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2026",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-13T16:58:49.586878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-13T16:58:59.807Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "Agent",
          "vendor": "Tenable",
          "versions": [
            {
              "lessThan": "11.1.2",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.0.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "11.1.2",
                  "versionStartIncluding": "11.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:tenable:agent:*:*:windows:*:*:*:*:*",
                  "versionEndExcluding": "11.0.4",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Lockheed Martin Red Team"
        }
      ],
      "datePublic": "2026-02-12T19:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."
            }
          ],
          "value": "A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T16:14:23.789Z",
        "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
        "shortName": "tenable"
      },
      "references": [
        {
          "url": "https://www.tenable.com/security/tns-2026-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal (\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/nessus)\"\u003ehttps://www.tenable.com/downloads/nessus)\u003c/a\u003e.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Tenable has released Nessus Agent 11.0.4 and 11.1.2 to address these issues. The installation files can be obtained from the Tenable Downloads Portal ( https://www.tenable.com/downloads/nessus) ."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Access Control Allows Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
    "assignerShortName": "tenable",
    "cveId": "CVE-2026-2026",
    "datePublished": "2026-02-13T16:14:23.789Z",
    "dateReserved": "2026-02-05T21:05:54.081Z",
    "dateUpdated": "2026-02-13T16:58:59.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-1

Phases: Architecture and Design, Operation

Description:

  • The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Mitigation ID: MIT-46

Phase: Architecture and Design

Strategy: Separation of Privilege

Description:

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

In applications, particularly web applications, access to functionality is mitigated by an authorization framework. This framework maps Access Control Lists (ACLs) to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application, or can run queries for data that they otherwise not supposed to.

CAPEC-127: Directory Indexing

An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.

CAPEC-81: Web Server Logs Tampering

Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.

Back to CWE stats page