Search

Find a vulnerability

Search criteria

    239 vulnerabilities

    CVE-2026-56003 (GCVE-0-2026-56003)

    Vulnerability from cvelistv5 – Published: 2026-07-08 09:25 – Updated: 2026-07-09 03:55
    VLAI
    Title
    libXfont2 computeProps Property Buffer Heap Buffer Overflow
    Summary
    A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    X.Org libXfont2 Affected: 0 , < 2.0.8 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-08 09:22
    Credits
    Anonymous working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:47.539Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "libXfont2",
              "product": "libXfont2",
              "repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "2.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.8",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2026-07-08T09:22:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cpre\u003eA heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.\u003c/pre\u003e"
                }
              ],
              "value": "A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T09:25:41.723Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "libXfont2 computeProps Property Buffer Heap Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-56003",
        "datePublished": "2026-07-08T09:25:41.723Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-09T03:55:47.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56002 (GCVE-0-2026-56002)

    Vulnerability from cvelistv5 – Published: 2026-07-08 09:12 – Updated: 2026-07-09 03:55
    VLAI
    Title
    libXfont2 PCF Font Parsing Heap Buffer Overflow
    Summary
    A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8  allows attackers authenticated as X client to execute code within the X server.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    X.Org libXfont2 Affected: 0 , < 2.0.8 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-08 09:08
    Credits
    Anonymous working with Trend Micro Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:46.745Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "libXfont2",
              "product": "libXfont2",
              "repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "2.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.0.8",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative."
            }
          ],
          "datePublic": "2026-07-08T09:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u0026nbsp;in libXfont2 before 2.0.8\u0026nbsp; allows attackers authenticated as X client to execute code within the X server."
                }
              ],
              "value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u00a0in libXfont2 before 2.0.8\u00a0 allows attackers authenticated as X client to execute code within the X server."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T09:12:51.480Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "libXfont2 PCF Font Parsing Heap Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-56002",
        "datePublished": "2026-07-08T09:12:51.480Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-09T03:55:46.745Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56001 (GCVE-0-2026-56001)

    Vulnerability from cvelistv5 – Published: 2026-07-08 08:49 – Updated: 2026-07-09 03:55
    VLAI
    Title
    libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
    Summary
    A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    X.Org libXfont2 Affected: 0 , < 2.0.8 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-08 08:15
    Credits
    Anonymous working with Trend Micro Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:45.984Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "libXfont2",
              "product": "libXfont2",
              "repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "2.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative."
            }
          ],
          "datePublic": "2026-07-08T08:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
                }
              ],
              "value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T08:49:24.706Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-56001",
        "datePublished": "2026-07-08T08:49:24.706Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-09T03:55:45.984Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55999 (GCVE-0-2026-55999)

    Vulnerability from cvelistv5 – Published: 2026-07-08 08:07 – Updated: 2026-07-09 03:55
    VLAI
    Title
    xorg-server / xwayland glamor font atlas Heap Buffer Overflow
    Summary
    Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based buffer overflow
    Assigner
    Impacted products
    Vendor Product Version
    X.Org xorg-server Affected: 0 , < 21.1.24 (rpm)
    Create a notification for this product.
    X.Org xwayland Affected: 0 , < 24.1.13 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-08 07:51
    Credits
    Anonymous working with Trend Micro Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55999",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T03:55:43.683Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "xorg-server",
              "product": "xorg-server",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "21.1.24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "xwayland",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative."
            }
          ],
          "datePublic": "2026-07-08T07:51:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
                }
              ],
              "value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based buffer overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T08:12:17.088Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "xorg-server / xwayland glamor font atlas Heap Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-55999",
        "datePublished": "2026-07-08T08:07:11.088Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-09T03:55:43.683Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56000 (GCVE-0-2026-56000)

    Vulnerability from cvelistv5 – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:42
    VLAI
    Title
    xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
    Summary
    Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    X.Org xorg-x11-server Affected: 0 , < 21.1.24 (rpm)
    Create a notification for this product.
    X.Org xwayland Affected: 0 , < 24.1.13 (rpmver)
    Create a notification for this product.
    Date Public
    2026-07-08 07:30
    Credits
    Anonymous working with Trend Micro Zero Day Initiative.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56000",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:41:28.146819Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:42:16.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "xorg-x11-server",
              "product": "xorg-x11-server",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "21.1.24",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "xwayland",
              "product": "xwayland",
              "repo": "https://gitlab.freedesktop.org/xorg/xserver/",
              "vendor": "X.Org",
              "versions": [
                {
                  "lessThan": "24.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpmver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Anonymous working with Trend Micro Zero Day Initiative."
            }
          ],
          "datePublic": "2026-07-08T07:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to\u0026nbsp;CommonMakeCurrent() pointing into potentially reallocated memory."
                }
              ],
              "value": "Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to\u00a0CommonMakeCurrent() pointing into potentially reallocated memory."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-234",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-234 Hijacking a privileged process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use after free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T08:12:50.380Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2026/07/08/2"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-56000",
        "datePublished": "2026-07-08T07:36:15.357Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-08T12:42:16.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44938 (GCVE-0-2026-44938)

    Vulnerability from cvelistv5 – Published: 2026-07-07 13:05 – Updated: 2026-07-08 03:56
    VLAI
    Title
    Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent
    Summary
    A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace. An attacker with git push access to a Fleet-monitored repository could overwrite Pod Security Standards (PSS) enforcement labels on a target namespace. This allows the attacker to weaken admission controls and deploy workloads that PSS policies would otherwise block.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T03:56:44.251Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "github.com/rancher/fleet",
              "product": "Rancher",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability has been identified in Fleet\u0027s agent-side deployer, which did not filter security-sensitive keys from \u003ccode\u003enamespaceLabels\u003c/code\u003e in \u003ccode\u003efleet.yaml\u003c/code\u003e (or \u003ccode\u003eBundleDeployment.spec.options.namespaceLabels\u003c/code\u003e) when applying them to the target namespace.\u003c/p\u003e\n\u003cp\u003eAn attacker with \u003ccode\u003egit push\u003c/code\u003e access to a\n Fleet-monitored repository could overwrite Pod Security Standards (PSS)\n enforcement labels on a target namespace. This allows the attacker to \nweaken admission controls and deploy workloads that PSS policies would \notherwise block.\u003c/p\u003e"
                }
              ],
              "value": "A vulnerability has been identified in Fleet\u0027s agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace.\n\n\n\n\nAn attacker with git push access to a\n Fleet-monitored repository could overwrite Pod Security Standards (PSS)\n enforcement labels on a target namespace. This allows the attacker to \nweaken admission controls and deploy workloads that PSS policies would \notherwise block."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522: Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T13:05:03.344Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44938"
            },
            {
              "url": "https://github.com/advisories/GHSA-864g-863m-vcvq"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44938",
        "datePublished": "2026-07-07T13:05:03.344Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-08T03:56:44.251Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44937 (GCVE-0-2026-44937)

    Vulnerability from cvelistv5 – Published: 2026-07-06 09:52 – Updated: 2026-07-06 12:46
    VLAI
    Title
    SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components
    Summary
    Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side request forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 09:44
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44937",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T12:46:52.400471Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T12:46:59.551Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleet",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T09:44:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system."
                }
              ],
              "value": "Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side request forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T09:52:18.659Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/fleet/security/advisories/GHSA-jmf4-m7j9-g72r"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44937",
        "datePublished": "2026-07-06T09:52:18.659Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-06T12:46:59.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44936 (GCVE-0-2026-44936)

    Vulnerability from cvelistv5 – Published: 2026-07-06 09:30 – Updated: 2026-07-06 12:47
    VLAI
    Title
    Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
    Summary
    Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side request forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 09:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T12:47:38.527371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T12:47:45.102Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleet",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T09:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing filtering when the \u003ccode\u003ehelmRepoURLRegex\u003c/code\u003e field isn\u0027t set on a \u003ccode\u003eGitRepo\u003c/code\u003e resource in SUSE Rancher Fleet\u0027s bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (\u003ccode\u003eBasicAuth\u003c/code\u003e) to any URL specified in the \u003ccode\u003ehelm.repo\u003c/code\u003e field of a \u003ccode\u003efleet.yaml\u003c/code\u003e file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."
                }
              ],
              "value": "Missing filtering when the helmRepoURLRegex field isn\u0027t set on a GitRepo resource in SUSE Rancher Fleet\u0027s bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side request forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T09:30:20.688Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/advisories/GHSA-hx4v-cxpf-vh8m"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44936",
        "datePublished": "2026-07-06T09:30:20.688Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-06T12:47:45.102Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44934 (GCVE-0-2026-44934)

    Vulnerability from cvelistv5 – Published: 2026-07-06 08:45 – Updated: 2026-07-06 18:53
    VLAI
    Title
    Exposed tokens in SUSE Rancher AI Agent logs
    Summary
    A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-215 - Insertion of sensitive information into debugging code
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 1.0.0 , < 1.0.2 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 08:53
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:53:12.072112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:53:22.226Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher AI Agent",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher-ai-agent",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.0.2",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "loglevel set to DEBUG"
                }
              ],
              "value": "loglevel set to DEBUG"
            }
          ],
          "datePublic": "2026-05-28T08:53:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."
                }
              ],
              "value": "A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-215",
                  "description": "CWE-215 Insertion of sensitive information into debugging code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T08:53:57.978Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher-ai-agent/security/advisories/GHSA-5r2r-h824-fr5v"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Exposed tokens in SUSE Rancher AI Agent logs",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44934",
        "datePublished": "2026-07-06T08:45:26.864Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-06T18:53:22.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44935 (GCVE-0-2026-44935)

    Vulnerability from cvelistv5 – Published: 2026-07-02 16:00 – Updated: 2026-07-03 03:56
    VLAI
    Title
    Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
    Summary
    Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1287 - Improper validation of specified type of input
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
    Affected: 0.14.0 , < 0.14.6 (semver)
    Affected: 0.13.0 , < 0.13.11 (semver)
    Affected: 0.12.0 , < 0.12.15 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 15:26
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-03T03:56:15.397Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleett",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.15.2",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.6",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.11",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.12.15",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T15:26:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cbr\u003eMissing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.\u003c/div\u003e"
                }
              ],
              "value": "Missing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1287",
                  "description": "CWE-1287 Improper validation of specified type of input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T16:01:11.745Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44935",
        "datePublished": "2026-07-02T16:00:06.751Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-07-03T03:56:15.397Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44941 (GCVE-0-2026-44941)

    Vulnerability from cvelistv5 – Published: 2026-07-02 15:19 – Updated: 2026-07-07 13:14
    VLAI
    Title
    libzypp path traversal via "keyhint" in repomd.xml
    Summary
    A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    Impacted products
    Vendor Product Version
    SUSE libzypp Affected: 0 , < 17.38.12 (rpm)
    Create a notification for this product.
    Date Public
    2026-06-05 15:15
    Credits
    Trung Nguyen <trungnh@cystack.net>
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44941",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-03T03:56:15.064595Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T13:14:20.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "libzypp",
              "product": "libzypp",
              "repo": "https://github.com/openSUSE/libzypp/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "17.38.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Trung Nguyen \u003ctrungnh@cystack.net\u003e"
            }
          ],
          "datePublic": "2026-06-05T15:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."
                }
              ],
              "value": "A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:19:05.302Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1267426"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/openSUSE/libzypp/commit/294b1bad442d089ca671c5c03adc8031e3b29e04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "libzypp path traversal via \"keyhint\" in repomd.xml",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44941",
        "datePublished": "2026-07-02T15:19:05.302Z",
        "dateReserved": "2026-05-08T12:29:48.968Z",
        "dateUpdated": "2026-07-07T13:14:20.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-56004 (GCVE-0-2026-56004)

    Vulnerability from cvelistv5 – Published: 2026-07-02 14:54 – Updated: 2026-07-02 16:11
    VLAI
    Title
    obs-service-tar_scm: command injection via mercurial handler
    Summary
    A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    openSUSE buildservice Affected: 0 , < 0.12.4 (rpm)
    Create a notification for this product.
    Date Public
    2026-07-01 13:04
    Credits
    Maxime Rinaudo of Fenrisk (www.fenrisk.com <http://www.fenrisk.com>)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-56004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T16:11:22.259324Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T16:11:28.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "obs-service-tar_scm",
              "product": "buildservice",
              "repo": "https://github.com/openSUSE/obs-service-tar_scm",
              "vendor": "openSUSE",
              "versions": [
                {
                  "lessThan": "0.12.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Maxime Rinaudo of Fenrisk (www.fenrisk.com \u003chttp://www.fenrisk.com\u003e)"
            }
          ],
          "datePublic": "2026-07-01T13:04:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services"
                }
              ],
              "value": "A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T15:21:08.665Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/openSUSE/obs-service-tar_scm/pull/552/changes/bcf29d318c671c45fe87dd9f995a4a0c78ecedd7"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "obs-service-tar_scm: command injection via mercurial handler",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-56004",
        "datePublished": "2026-07-02T14:54:02.119Z",
        "dateReserved": "2026-06-18T09:26:55.988Z",
        "dateUpdated": "2026-07-02T16:11:28.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44948 (GCVE-0-2026-44948)

    Vulnerability from cvelistv5 – Published: 2026-06-30 15:12 – Updated: 2026-06-30 16:00
    VLAI
    Title
    Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler
    Summary
    A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.12.0 , < 0.12.16 (semver)
    Affected: 0.13.0 , < 0.13.12 (semver)
    Affected: 0.14.0 , < 0.14.7 (semver)
    Affected: 0.15.0 , < 0.15.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 15:08
    Credits
    Sergey Kanibor
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44948",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:59:49.142430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T16:00:33.240Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Fleet",
              "product": "Rancher",
              "repo": "https://github.com/rancher/fleet/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.12.16",
                  "status": "affected",
                  "version": "0.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.13.12",
                  "status": "affected",
                  "version": "0.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.14.7",
                  "status": "affected",
                  "version": "0.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.15.3",
                  "status": "affected",
                  "version": "0.15.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sergey Kanibor"
            }
          ],
          "datePublic": "2026-06-29T15:08:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
                }
              ],
              "value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T15:12:17.346Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44948",
        "datePublished": "2026-06-30T15:12:17.346Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-06-30T16:00:33.240Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44949 (GCVE-0-2026-44949)

    Vulnerability from cvelistv5 – Published: 2026-06-30 14:41 – Updated: 2026-06-30 15:10
    VLAI
    Title
    Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook
    Summary
    A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 0.7.0 , < 0.7.10 (semver)
    Affected: 0.8.0 , < 0.8.7 (semver)
    Affected: 0.9.0 , < 0.9.6 (semver)
    Affected: 0.10.0 , < 0.10.7 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 14:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44949",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:10:07.132296Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:10:17.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Webhook",
              "product": "Rancher",
              "repo": "https://github.com/rancher/webhook/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.7.10",
                  "status": "affected",
                  "version": "0.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.8.7",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.9.6",
                  "status": "affected",
                  "version": "0.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "0.10.7",
                  "status": "affected",
                  "version": "0.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-06-29T14:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster \u003ccode\u003erancher-webhook\u003c/code\u003e service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
                }
              ],
              "value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster rancher-webhook service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:41:34.007Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/webhook/security/advisories/GHSA-h83p-cq95-vph4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44949",
        "datePublished": "2026-06-30T14:41:34.007Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-06-30T15:10:17.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44947 (GCVE-0-2026-44947)

    Vulnerability from cvelistv5 – Published: 2026-06-30 14:21 – Updated: 2026-06-30 15:03
    VLAI
    Title
    Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
    Summary
    A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper preservation of permissions
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.13.0 , < 2.13.7 (semver)
    Affected: 2.14.0 , < 2.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 14:20
    Credits
    Isaac David
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44947",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T15:03:37.236401Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T15:03:44.276Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.13.7",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.3",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Isaac David"
            }
          ],
          "datePublic": "2026-06-29T14:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
                }
              ],
              "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281 Improper preservation of permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T14:21:01.291Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44947",
        "datePublished": "2026-06-30T14:21:01.291Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-06-30T15:03:44.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44946 (GCVE-0-2026-44946)

    Vulnerability from cvelistv5 – Published: 2026-06-30 12:14 – Updated: 2026-07-01 03:55
    VLAI
    Title
    SAML Authentication Replay in Rancher
    Summary
    A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication bypass by capture-replay
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.14.0 , < 2.14.3 (semver)
    Affected: 2.13.0 , < 2.13.7 (semver)
    Affected: 2.12.0 , < 2.12.11 (semver)
    Affected: 2.11.0 , < 2.11.15 (semver)
    Create a notification for this product.
    Date Public
    2026-06-29 12:07
    Credits
    Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44946",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:55:46.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.3",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.7",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.11",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.15",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa"
            }
          ],
          "datePublic": "2026-06-29T12:07:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,\u0026nbsp; \u0026nbsp;"
                }
              ],
              "value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication bypass by capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T12:14:54.269Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c5jm-xcmq-9j95"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SAML Authentication Replay in Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44946",
        "datePublished": "2026-06-30T12:14:54.269Z",
        "dateReserved": "2026-05-08T12:29:48.969Z",
        "dateUpdated": "2026-07-01T03:55:46.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41053 (GCVE-0-2026-41053)

    Vulnerability from cvelistv5 – Published: 2026-06-30 11:38 – Updated: 2026-07-01 03:55
    VLAI
    Title
    Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
    Summary
    Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-303 - Incorrect implementation of authentication algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.14.0 , < 2.14.2 (semver)
    Affected: 2.13.0 , < 2.13.6 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 11:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41053",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-30T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T03:55:47.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "github auth provider"
              ],
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.2",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.6",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-28T11:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
                }
              ],
              "value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-303",
                  "description": "CWE-303 Incorrect implementation of authentication algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-30T11:38:25.060Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-4j6x-2764-m8gh"
            }
          ],
          "source": {
            "defect": [
              "secsys_codex@163.com"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Over-inclusive team membership expansion in GitHub App authentication provider for Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41053",
        "datePublished": "2026-06-30T11:38:25.060Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-07-01T03:55:47.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41052 (GCVE-0-2026-41052)

    Vulnerability from cvelistv5 – Published: 2026-06-29 15:41 – Updated: 2026-06-30 03:55
    VLAI
    Title
    Rancher Privilege Escalation from Project Owner to Host
    Summary
    Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication bypass by primary weakness
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.12.0 , < 2.12.10 (semver)
    Affected: 2.13.0 , < 2.13.6 (semver)
    Affected: 2.14.0 , < 2.14.2 (semver)
    Create a notification for this product.
    Date Public
    2026-05-28 11:14
    Credits
    Radtke Benedikt <Radtke@iabg.de> - github.com/Trolldemorted and Munier Marc <Munier@iabg.de> - github.com/mmunier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41052",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:55:34.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.12.10",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.6",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.14.2",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Radtke Benedikt \u003cRadtke@iabg.de\u003e - github.com/Trolldemorted and Munier Marc \u003cMunier@iabg.de\u003e - github.com/mmunier"
            }
          ],
          "datePublic": "2026-05-28T11:14:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper privilege handling could be used by users with\u0026nbsp;Project Owner role to escalate privileges, in Rancher versions\u0026nbsp;2.14 before 2.14.2,\u0026nbsp;2.13 before 2.13.6, and\u0026nbsp;2.12 before 2.12.10."
                }
              ],
              "value": "Improper privilege handling could be used by users with\u00a0Project Owner role to escalate privileges, in Rancher versions\u00a02.14 before 2.14.2,\u00a02.13 before 2.13.6, and\u00a02.12 before 2.12.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication bypass by primary weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T15:41:56.394Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Rancher Privilege Escalation from Project Owner to Host",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41052",
        "datePublished": "2026-06-29T15:41:56.394Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-06-30T03:55:34.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25707 (GCVE-0-2026-25707)

    Vulnerability from cvelistv5 – Published: 2026-06-29 10:04 – Updated: 2026-06-30 03:55
    VLAI
    Title
    Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp
    Summary
    A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    Impacted products
    Vendor Product Version
    SUSE libzypp Affected: 0 , < 17.38.10 (rpm)
    Create a notification for this product.
    Date Public
    2026-05-28 09:56
    Credits
    Michael Andres of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25707",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-29T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:55:33.471Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "libzypp",
              "product": "libzypp",
              "repo": "https://github.com/openSUSE/libzypp",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "17.38.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Andres of SUSE"
            }
          ],
          "datePublic": "2026-05-28T09:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."
                }
              ],
              "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-165",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-165 File Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-29T10:04:59.223Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1259802"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-25707",
        "datePublished": "2026-06-29T10:04:59.223Z",
        "dateReserved": "2026-02-05T15:37:24.184Z",
        "dateUpdated": "2026-06-30T03:55:33.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41049 (GCVE-0-2026-41049)

    Vulnerability from cvelistv5 – Published: 2026-06-22 15:32 – Updated: 2026-07-08 05:55
    VLAI
    Title
    Caching of Authentication allows Authentication Bypass between users in qSnapper
    Summary
    Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    presire qSnapper Affected: 1.2.1 , < 1.3.3 (semver)
    Create a notification for this product.
    Date Public
    2026-05-26 15:09
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:25:21.586546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:25:30.308Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "qsnapper",
              "product": "qSnapper",
              "repo": "https://github.com/presire/qSnapper",
              "vendor": "presire",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "1.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2026-05-26T15:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect caching of authentication between different users of the\u0026nbsp; qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."
                }
              ],
              "value": "Incorrect caching of authentication between different users of the\u00a0 qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T05:55:01.962Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1262218"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Caching of Authentication allows Authentication Bypass between users in qSnapper",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41049",
        "datePublished": "2026-06-22T15:32:59.192Z",
        "dateReserved": "2026-04-16T13:37:50.679Z",
        "dateUpdated": "2026-07-08T05:55:01.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41048 (GCVE-0-2026-41048)

    Vulnerability from cvelistv5 – Published: 2026-06-22 15:31 – Updated: 2026-07-07 09:31
    VLAI
    Title
    Caching of Authentication allows Authentication Bypass in qSnapper
    Summary
    Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    presire qSnapper Affected: 1.2.1 , < 1.3.3 (semver)
    Create a notification for this product.
    Date Public
    2026-05-26 15:09
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41048",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:24:42.461147Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:24:59.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "qsnapper",
              "product": "qSnapper",
              "repo": "https://github.com/presire/qSnapper",
              "vendor": "presire",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "1.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2026-05-26T15:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."
                }
              ],
              "value": "Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T09:31:37.959Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1262218"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Caching of Authentication allows Authentication Bypass in qSnapper",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41048",
        "datePublished": "2026-06-22T15:31:14.606Z",
        "dateReserved": "2026-04-16T13:37:50.679Z",
        "dateUpdated": "2026-07-07T09:31:37.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41047 (GCVE-0-2026-41047)

    Vulnerability from cvelistv5 – Published: 2026-06-22 15:25 – Updated: 2026-06-22 16:24
    VLAI
    Title
    Information leak via “diff” methods in qSnapper
    Summary
    Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    Impacted products
    Vendor Product Version
    presire qSnapper Affected: 0 , < 1.3.3 (semver)
    Create a notification for this product.
    Date Public
    2026-05-26 15:09
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41047",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:24:13.803772Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:24:23.656Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "qsnapper",
              "product": "qSnapper",
              "repo": "https://github.com/presire/qSnapper",
              "vendor": "presire",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2026-05-26T15:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."
                }
              ],
              "value": "Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-54",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-54 Query System for Information"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T15:25:12.478Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-info-leak"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261890"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Information leak via \u201cdiff\u201d methods in qSnapper",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41047",
        "datePublished": "2026-06-22T15:25:12.478Z",
        "dateReserved": "2026-04-16T13:37:50.679Z",
        "dateUpdated": "2026-06-22T16:24:23.656Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41046 (GCVE-0-2026-41046)

    Vulnerability from cvelistv5 – Published: 2026-06-22 15:20 – Updated: 2026-06-22 16:23
    VLAI
    Title
    path traversal via `config` parameter in qSnapper
    Summary
    A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative path traversal
    Assigner
    Impacted products
    Vendor Product Version
    presire qSnapper Affected: 0 , < 1.3.3 (semver)
    Create a notification for this product.
    Date Public
    2026-05-26 15:09
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:23:42.492038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:23:53.645Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "qsnapper",
              "product": "qSnapper",
              "repo": "https://github.com/presire/qSnapper",
              "vendor": "presire",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2026-05-26T15:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root."
                }
              ],
              "value": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-17",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-17 Using Malicious Files"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative path traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T15:20:30.872Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-path-traversal"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261889"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "path traversal via `config` parameter in qSnapper",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41046",
        "datePublished": "2026-06-22T15:20:30.872Z",
        "dateReserved": "2026-04-16T13:37:50.679Z",
        "dateUpdated": "2026-06-22T16:23:53.645Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41045 (GCVE-0-2026-41045)

    Vulnerability from cvelistv5 – Published: 2026-06-22 15:16 – Updated: 2026-06-22 16:23
    VLAI
    Title
    Weak polkit authentication check in qSnapper
    Summary
    A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check time-of-use (TOCTOU) race condition
    Assigner
    Impacted products
    Vendor Product Version
    presire qSnapper Affected: 0 , < 1.3.3 (semver)
    Create a notification for this product.
    Date Public
    2026-05-26 15:09
    Credits
    Matthias Gerstner of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41045",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:23:09.435199Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:23:19.149Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "qsnapper",
              "product": "qSnapper",
              "repo": "https://github.com/presire/qSnapper",
              "vendor": "presire",
              "versions": [
                {
                  "lessThan": "1.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Matthias Gerstner of SUSE"
            }
          ],
          "datePublic": "2026-05-26T15:09:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."
                }
              ],
              "value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-22T15:16:37.631Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-polkit-bypass"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261795"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Weak polkit authentication check in qSnapper",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41045",
        "datePublished": "2026-06-22T15:16:37.631Z",
        "dateReserved": "2026-04-16T13:37:50.679Z",
        "dateUpdated": "2026-06-22T16:23:19.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44939 (GCVE-0-2026-44939)

    Vulnerability from cvelistv5 – Published: 2026-06-19 12:13 – Updated: 2026-06-24 03:56
    VLAI
    Title
    Command injection through unsanitized YAML parameter in Rancher
    Summary
    A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-95 - Improper neutralization of directives in dynamically evaluated code ('eval injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Rancher Affected: 2.14.0 , < 2.14.2 (semver)
    Affected: 2.13.0 , < 2.13.6 (semver)
    Affected: 2.12.0 , < 2.12.10 (semver)
    Affected: 2.11.0 , < 2.11.14 (semver)
    Affected: 2.10.0 , < 2.10.12 (semver)
    Create a notification for this product.
    Date Public
    2026-05-27 16:36
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44939",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:15.304Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Rancher",
              "product": "Rancher",
              "repo": "https://github.com/rancher/rancher/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "2.14.2",
                  "status": "affected",
                  "version": "2.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.13.6",
                  "status": "affected",
                  "version": "2.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.12.10",
                  "status": "affected",
                  "version": "2.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.11.14",
                  "status": "affected",
                  "version": "2.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.10.12",
                  "status": "affected",
                  "version": "2.10.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2026-05-27T16:36:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  \u003ccode\u003e/v3/import/{token}_{clusterId}.yaml\u003c/code\u003e through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
                }
              ],
              "value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-95",
                  "description": "CWE-95 Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T12:13:39.936Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command injection through unsanitized YAML parameter in Rancher",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44939",
        "datePublished": "2026-06-19T12:13:39.936Z",
        "dateReserved": "2026-05-08T12:29:48.967Z",
        "dateUpdated": "2026-06-24T03:56:15.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44942 (GCVE-0-2026-44942)

    Vulnerability from cvelistv5 – Published: 2026-06-18 09:57 – Updated: 2026-06-18 12:09
    VLAI
    Title
    libzypp .repo files can have an optional path which can lead to path traversal attacks
    Summary
    A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-24 - Path traversal: '../filedir'
    Assigner
    Impacted products
    Vendor Product Version
    SUSE libzypp Affected: 17.0.0 , < 17.38.13 (semver)
    Affected: 0 , < 16.22.19 (semver)
    Create a notification for this product.
    Credits
    Michael Andres
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44942",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T12:05:47.827082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T12:09:37.292Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "repo parsing"
              ],
              "packageName": "libzypp",
              "product": "libzypp",
              "repo": "https://github.com/opensuse/libzypp",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "17.38.13",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "16.22.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Andres"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
                }
              ],
              "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-24",
                  "description": "CWE-24 Path traversal: \u0027../filedir\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T09:57:12.821Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.suse.com/security/cve/CVE-2026-44942.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "libzypp .repo files can have an optional path which can lead to path traversal attacks",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44942",
        "datePublished": "2026-06-18T09:57:12.821Z",
        "dateReserved": "2026-05-08T12:29:48.968Z",
        "dateUpdated": "2026-06-18T12:09:37.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-71261 (GCVE-0-2025-71261)

    Vulnerability from cvelistv5 – Published: 2026-06-16 15:42 – Updated: 2026-06-16 17:52
    VLAI
    Title
    Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
    Summary
    An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE Harvester Affected: 0 , < 1.8 (custom)
    Create a notification for this product.
    Date Public
    2026-06-16 15:38
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-71261",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T17:52:23.783748Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T17:52:30.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "SUSE Virtualization (Harvester) Rancher integration mechanism"
              ],
              "packageName": "Harvester",
              "product": "Harvester",
              "repo": "https://github.com/harvester/harvester/",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-06-16T15:38:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control."
                }
              ],
              "value": "An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Adversary in the Middle (AiTM)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T15:42:32.446Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/harvester/harvester/security/advisories/GHSA-pgh9-mpwc-8jjf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Harvester\u0027s SUSE Virtualization Registration Client Vulnerable to MITM and DOS",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2025-71261",
        "datePublished": "2026-06-16T15:42:32.446Z",
        "dateReserved": "2026-03-03T12:54:04.008Z",
        "dateUpdated": "2026-06-16T17:52:30.747Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44932 (GCVE-0-2026-44932)

    Vulnerability from cvelistv5 – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
    VLAI
    Title
    indirect remote shell command injection via unsanitized DHCP options in wicked
    Summary
    Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SUSE wicked Affected: 0 , < 0.6.79 (semver)
    Create a notification for this product.
    Date Public
    2026-06-10 15:15
    Credits
    Wolfgang Frisch using Claude Opus
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44932",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-17T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T03:55:34.354Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/openSUSE/wicked",
              "defaultStatus": "unaffected",
              "modules": [
                "dhcp handling"
              ],
              "packageName": "wicked",
              "product": "wicked",
              "repo": "https://github.com/openSUSE/wicked",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "0.6.79",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Wolfgang Frisch using Claude Opus"
            }
          ],
          "datePublic": "2026-06-10T15:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
                }
              ],
              "value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T15:26:51.919Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44932",
        "datePublished": "2026-06-16T15:26:51.919Z",
        "dateReserved": "2026-05-08T12:29:48.966Z",
        "dateUpdated": "2026-06-18T03:55:34.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41054 (GCVE-0-2026-41054)

    Vulnerability from cvelistv5 – Published: 2026-05-20 08:56 – Updated: 2026-06-05 11:06
    VLAI
    Title
    Missing exit out of permission check in haveged could lead to root exploit
    Summary
    In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    SUSE Container suse/sle-micro-rancher/5.3:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Container suse/sle-micro-rancher/5.4:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Container suse/sle-micro/5.5:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Desktop 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP6-LTSS Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Proxy LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Retail Branch Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    SUSE SUSE Manager Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
    Create a notification for this product.
    Credits
    Dirk Mueller of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-05T11:06:34.200Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/3"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/4"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/19/5"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/20/1"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/21/17"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/22/1"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41054",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T03:55:33.848Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro-rancher/5.3:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro-rancher/5.3:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro-rancher/5.4:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro-rancher/5.4:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Container suse/sle-micro/5.5:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Container suse/sle-micro/5.5:latest",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "Image SLES15-SP4-SAP-Hardened-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "Image SLES15-SP4-SAP-Hardened-GCE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Desktop 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Micro 5.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Micro 5.5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150600.11.6.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Proxy LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Retail Branch Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "haveged-devel",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libhavege2",
              "product": "SUSE Manager Server LTS 4.3",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "1.9.14-150400.3.11.1",
                  "status": "affected",
                  "version": "?",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dirk Mueller of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cpre\u003eIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.\u003c/pre\u003e\u003c/div\u003e"
                }
              ],
              "value": "In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305: Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T08:56:14.466Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Missing exit out of permission check in haveged could lead to root exploit",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-41054",
        "datePublished": "2026-05-20T08:56:14.466Z",
        "dateReserved": "2026-04-16T13:37:50.680Z",
        "dateUpdated": "2026-06-05T11:06:34.200Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44933 (GCVE-0-2026-44933)

    Vulnerability from cvelistv5 – Published: 2026-05-20 08:51 – Updated: 2026-05-21 03:55
    VLAI
    Title
    Path Traversal in Plugin Loading in libzypp
    Summary
    `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path traversal: '.../...//'
    Assigner
    Impacted products
    Vendor Product Version
    SUSE SUSE Linux Enterprise Affected: 17.38.8 , < 17.38.9 (semver)
    Create a notification for this product.
    SUSE openSUSE Affected: 17.38.8 , < 17.38.9 (semver)
    Create a notification for this product.
    Credits
    Dirk Mueller of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-44933",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T03:55:32.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "libzypp",
              "product": "SUSE Linux Enterprise",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "17.38.9",
                  "status": "affected",
                  "version": "17.38.8",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "packageName": "libzypp",
              "product": "openSUSE",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "17.38.9",
                  "status": "affected",
                  "version": "17.38.8",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dirk Mueller of SUSE"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cpre\u003e`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.\u003c/pre\u003e"
                }
              ],
              "value": "`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35 Path traversal: \u0027.../...//\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T08:51:12.770Z",
            "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
            "shortName": "suse"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44933"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Path Traversal in Plugin Loading in libzypp",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "assignerShortName": "suse",
        "cveId": "CVE-2026-44933",
        "datePublished": "2026-05-20T08:51:12.770Z",
        "dateReserved": "2026-05-08T12:29:48.966Z",
        "dateUpdated": "2026-05-21T03:55:32.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }