CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2026-6553 (GCVE-0-2026-6553)
Vulnerability from cvelistv5 – Published: 2026-04-21 10:04 – Updated: 2026-04-21 13:20
VLAI
Title
TYPO3 CMS Stores Cleartext Password in User Settings Module
Summary
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.
Severity
CWE
- CWE-312 - Cleartext storage of sensitive information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://typo3.org/security/advisory/typo3-core-sa… | vendor-advisory |
| https://github.com/TYPO3/typo3/commit/9a6e913f707… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T13:20:11.733627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T13:20:23.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "typo3/cms-backend",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "14.3.0",
"status": "affected",
"version": "14.2.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.3.0",
"versionStartIncluding": "14.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Martin Clewing"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Garvin Hicking"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stefan B\u00fcrk"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Oliver Hader"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the \u003ccode\u003euc\u003c/code\u003e and \u003ccode\u003euser_settings\u003c/code\u003e fields of the \u003ccode\u003ebe_users\u003c/code\u003e database table. This issue affects TYPO3 CMS version 14.2.0."
}
],
"value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext storage of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T10:08:27.342Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005"
},
{
"name": "Git commit of main branch",
"tags": [
"patch"
],
"url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TYPO3 CMS Stores Cleartext Password in User Settings Module",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-6553",
"datePublished": "2026-04-21T10:04:02.525Z",
"dateReserved": "2026-04-17T21:40:53.165Z",
"dateUpdated": "2026-04-21T13:20:23.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6598 (GCVE-0-2026-6598)
Vulnerability from cvelistv5 – Published: 2026-04-20 02:45 – Updated: 2026-04-20 16:19
VLAI
Title
langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file
Summary
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/358233 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/358233/cti | signaturepermissions-required |
| https://vuldb.com/submit/791921 | third-party-advisory |
| https://gist.github.com/chenhouser2025/77adb3486c… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| langflow-ai | langflow |
Affected:
1.8.0
Affected: 1.8.1 Affected: 1.8.2 Affected: 1.8.3 cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T16:19:05.997149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T16:19:18.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
],
"modules": [
"Project Creation Endpoint"
],
"product": "langflow",
"vendor": "langflow-ai",
"versions": [
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.8.2"
},
{
"status": "affected",
"version": "1.8.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-f (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T02:45:15.874Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358233 | langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358233"
},
{
"name": "VDB-358233 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358233/cti"
},
{
"name": "Submit #791921 | Langflow \u003c= 1.8.3 CWE-311: Missing Encryption of Sensitive Data",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/791921"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T15:52:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6598",
"datePublished": "2026-04-20T02:45:15.874Z",
"dateReserved": "2026-04-19T13:47:03.207Z",
"dateUpdated": "2026-04-20T16:19:18.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6796 (GCVE-0-2026-6796)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:30 – Updated: 2026-04-21 20:40
VLAI
Title
Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file
Summary
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/358490 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/358490/cti | signaturepermissions-required |
| https://vuldb.com/submit/794797 | third-party-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T20:40:22.690878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:40:36.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*"
],
"modules": [
"Failed Login Handler"
],
"product": "PublicCMS",
"vendor": "Sanluan",
"versions": [
{
"status": "affected",
"version": "6.202506.a"
},
{
"status": "affected",
"version": "6.202506.b"
},
{
"status": "affected",
"version": "6.202506.c"
},
{
"status": "affected",
"version": "6.202506.d"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LeyNn3H (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:ND",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:30:18.556Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358490 | Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358490"
},
{
"name": "VDB-358490 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358490/cti"
},
{
"name": "Submit #794797 | PublicCMS V6.202506.d Insertion of Sensitive Information Into Log Code",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/794797"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-21T16:40:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6796",
"datePublished": "2026-04-21T20:30:18.556Z",
"dateReserved": "2026-04-21T14:35:38.865Z",
"dateUpdated": "2026-04-21T20:40:36.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7163 (GCVE-0-2026-7163)
Vulnerability from cvelistv5 – Published: 2026-04-30 13:18 – Updated: 2026-05-19 08:09
VLAI
Title
Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure
Summary
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub.
The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.
The affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected.
This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.
Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters.
Severity
6.1 (Medium)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:11511 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11512 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12116 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12337 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:18584 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:18585 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-7163 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2463152 | issue-trackingx_refsource_REDHAT |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | multicluster engine for Kubernetes 2.10 |
Unaffected:
1776983527 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.10::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.11 |
Unaffected:
1776987609 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.11::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.7 |
Unaffected:
1777205801 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.7::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.7 |
Unaffected:
1777205772 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.7::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
Unaffected:
1778464111 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.9::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
Unaffected:
1778464072 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.9::el9 |
Date Public
2026-04-30 12:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:35:04.958346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:35:15.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776983527",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776987609",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el8"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-8-rhel8",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777205801",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777205772",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el8"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-8-rhel8",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778464111",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778464072",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Nick Carboni (Red Hat), Omer Vishlitzky (Red Hat), and Riccardo Piccoli (Red Hat)."
}
],
"datePublic": "2026-04-30T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. \n\nThe credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.\n\nThe affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected.\nThis issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.\n\nSuccessful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T08:09:21.769Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:11511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11511"
},
{
"name": "RHSA-2026:11512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11512"
},
{
"name": "RHSA-2026:12116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12116"
},
{
"name": "RHSA-2026:12337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12337"
},
{
"name": "RHSA-2026:18584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18584"
},
{
"name": "RHSA-2026:18585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18585"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-7163"
},
{
"name": "RHBZ#2463152",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463152"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-27T04:18:06.534Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-30T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-7163",
"datePublished": "2026-04-30T13:18:49.088Z",
"dateReserved": "2026-04-27T04:21:23.911Z",
"dateUpdated": "2026-05-19T08:09:21.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8596 (GCVE-0-2026-8596)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:35 – Updated: 2026-05-16 03:56
VLAI
Title
Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path
Summary
Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.
To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK.
Severity
CWE
- CWE-312 - Cleartext storage of sensitive information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/aws/sagemaker-python-sdk/relea… | patch |
| https://github.com/aws/sagemaker-python-sdk/relea… | patch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/aws/sagemaker-python-sdk/secur… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon SageMaker Python SDK | AWS |
Affected:
2.199.0 , ≤ 2.257.1
(custom)
Affected: 3.0.0 , ≤ 3.7.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:21.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS",
"vendor": "Amazon SageMaker Python SDK",
"versions": [
{
"lessThanOrEqual": "2.257.1",
"status": "affected",
"version": "2.199.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.7.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon_sagemaker_python_sdk:aws:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.257.1",
"versionStartIncluding": "2.199.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:amazon_sagemaker_python_sdk:aws:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.\u003c/p\u003e\u003cp\u003eTo remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK.\u003c/p\u003e"
}
],
"value": "Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.\n\n\n\nTo remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext storage of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:51:41.804Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.257.2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.8.0"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-031-aws/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7hh5-prp2-mfh5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-8596",
"datePublished": "2026-05-14T19:35:51.421Z",
"dateReserved": "2026-05-14T13:39:22.096Z",
"dateUpdated": "2026-05-16T03:56:21.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9274 (GCVE-0-2026-9274)
Vulnerability from cvelistv5 – Published: 2026-05-25 09:19 – Updated: 2026-05-26 14:42
VLAI
Title
Information Exposure Vulnerability in CP-Plus Wi-Fi Camera
Summary
This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device.
Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.
Severity
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cert-in.org.in/s2cMainServlet?pageid=… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CP Plus | Wi-Fi Camera CP-E38Q, CP-E48Q, CP-E25Q, CP-E35Q, CP-E45Q, CP-E28Q, CP-E21Q, CP-E31Q, CP-E41Q, CP-E24Q, CP-Z43Q, CP-E34Q, CP-E44Q, CP-T31Q, CP-V48Q, CP-V41Q, CP-Z45Q |
Affected:
v02.21.031 or below
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9274",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T14:34:46.327904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T14:42:56.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wi-Fi Camera CP-E38Q, CP-E48Q, CP-E25Q, CP-E35Q, CP-E45Q, CP-E28Q, CP-E21Q, CP-E31Q, CP-E41Q, CP-E24Q, CP-Z43Q, CP-E34Q, CP-E44Q, CP-T31Q, CP-V48Q, CP-V41Q, CP-Z45Q",
"vendor": "CP Plus",
"versions": [
{
"status": "affected",
"version": "v02.21.031 or below"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cp_plus:wi-fi_camera_cp-e38q_cp-e48q_cp-e25q_cp-e35q_cp-e45q_cp-e28q_cp-e21q_cp-e31q_cp-e41q_cp-e24q_cp-z43q_cp-e34q_cp-e44q_cp-t31q_cp-v48q_cp-v41q_cp-z45q:v02.21.031_or_below:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "This vulnerability is reported by Mohsin Quresh."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. \n\u003cbr\u003e\n\u003cbr\u003eSuccessful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. \n\n\n\nSuccessful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T09:19:04.664Z",
"orgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"shortName": "CERT-In"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01\u0026VLCODE=CIVN-2026-0266"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade CP Plus Wi-Fi Camera to the latest firmware version v02.21.041 through OTA using the Ezykam+ mobile application.\u003cdiv\u003ehttps://cpplusworld.com/products/ezyhome/ezykam\u0026nbsp;\u003c/div\u003e"
}
],
"value": "Upgrade CP Plus Wi-Fi Camera to the latest firmware version v02.21.041 through OTA using the Ezykam+ mobile application.https://cpplusworld.com/products/ezyhome/ezykam"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in CP-Plus Wi-Fi Camera",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "66834db9-ab24-42b4-be80-296b2e40335c",
"assignerShortName": "CERT-In",
"cveId": "CVE-2026-9274",
"datePublished": "2026-05-25T09:19:04.664Z",
"dateReserved": "2026-05-22T11:57:54.666Z",
"dateUpdated": "2026-05-26T14:42:56.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.