Search
Find a vulnerability
Search criteria
239 vulnerabilities
CVE-2026-56003 (GCVE-0-2026-56003)
Vulnerability from cvelistv5 – Published: 2026-07-08 09:25 – Updated: 2026-07-09 03:55
VLAI
EPSS
VEX
Title
libXfont2 computeProps Property Buffer Heap Buffer Overflow
Summary
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
Date Public
2026-07-08 09:22
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T03:55:47.539Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"datePublic": "2026-07-08T09:22:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003eA heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server.\u003c/pre\u003e"
}
],
"value": "A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T09:25:41.723Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 computeProps Property Buffer Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56003",
"datePublished": "2026-07-08T09:25:41.723Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-09T03:55:47.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56002 (GCVE-0-2026-56002)
Vulnerability from cvelistv5 – Published: 2026-07-08 09:12 – Updated: 2026-07-09 03:55
VLAI
EPSS
VEX
Title
libXfont2 PCF Font Parsing Heap Buffer Overflow
Summary
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
Date Public
2026-07-08 09:08
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T03:55:46.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:x.org:libxfont2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.8",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T09:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u0026nbsp;in libXfont2 before 2.0.8\u0026nbsp; allows attackers authenticated as X client to execute code within the X server."
}
],
"value": "A heap bufferflow in pcfReadFont() due to missing glyph bounds checking\u00a0in libXfont2 before 2.0.8\u00a0 allows attackers authenticated as X client to execute code within the X server."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T09:12:51.480Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 PCF Font Parsing Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56002",
"datePublished": "2026-07-08T09:12:51.480Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-09T03:55:46.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56001 (GCVE-0-2026-56001)
Vulnerability from cvelistv5 – Published: 2026-07-08 08:49 – Updated: 2026-07-09 03:55
VLAI
EPSS
VEX
Title
libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
Summary
A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
| https://gitlab.freedesktop.org/xorg/lib/libxfont/… | patch |
Date Public
2026-07-08 08:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T03:55:45.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libXfont2",
"product": "libXfont2",
"repo": "https://gitlab.freedesktop.org/xorg/lib/libxfont",
"vendor": "X.Org",
"versions": [
{
"lessThan": "2.0.8",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T08:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
}
],
"value": "A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont"
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T08:49:24.706Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/1"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "libXfont2 BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56001",
"datePublished": "2026-07-08T08:49:24.706Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-09T03:55:45.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55999 (GCVE-0-2026-55999)
Vulnerability from cvelistv5 – Published: 2026-07-08 08:07 – Updated: 2026-07-09 03:55
VLAI
EPSS
VEX
Title
xorg-server / xwayland glamor font atlas Heap Buffer Overflow
Summary
Local attackers with a X connection able to provide PCX fonts to the X
server xorg-server before 21.2.24 and xwayland before 24.1.13 could
cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
Severity
8.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | patch |
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xorg-server |
Affected:
0 , < 21.1.24
(rpm)
|
|
| X.Org | xwayland |
Affected:
0 , < 24.1.13
(rpm)
|
Date Public
2026-07-08 07:51
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T03:55:43.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "xorg-server",
"product": "xorg-server",
"repo": "https://gitlab.freedesktop.org/xorg/xserver/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "21.1.24",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"repo": "https://gitlab.freedesktop.org/xorg/xserver/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.13",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T07:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
}
],
"value": "Local attackers with a X connection able to provide PCX fonts to the X \nserver xorg-server before 21.2.24 and xwayland before 24.1.13 could \ncause a heap buffer overflow via SetFont due to missing glyph boundary checks."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T08:12:17.088Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/fbf7bac22e2c6bd627fb042742a23318263edae1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "xorg-server / xwayland glamor font atlas Heap Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-55999",
"datePublished": "2026-07-08T08:07:11.088Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-09T03:55:43.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56000 (GCVE-0-2026-56000)
Vulnerability from cvelistv5 – Published: 2026-07-08 07:36 – Updated: 2026-07-08 12:42
VLAI
EPSS
VEX
Title
xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()
Summary
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into potentially reallocated memory.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use after free
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.freedesktop.org/xorg/xserver/-/com… | patch |
| https://www.openwall.com/lists/oss-security/2026/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| X.Org | xorg-x11-server |
Affected:
0 , < 21.1.24
(rpm)
|
|
| X.Org | xwayland |
Affected:
0 , < 24.1.13
(rpmver)
|
Date Public
2026-07-08 07:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T12:41:28.146819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:42:16.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "xorg-x11-server",
"product": "xorg-x11-server",
"repo": "https://gitlab.freedesktop.org/xorg/xserver/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "21.1.24",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "xwayland",
"product": "xwayland",
"repo": "https://gitlab.freedesktop.org/xorg/xserver/",
"vendor": "X.Org",
"versions": [
{
"lessThan": "24.1.13",
"status": "affected",
"version": "0",
"versionType": "rpmver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous working with Trend Micro Zero Day Initiative."
}
],
"datePublic": "2026-07-08T07:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to\u0026nbsp;CommonMakeCurrent() pointing into potentially reallocated memory."
}
],
"value": "Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to\u00a0CommonMakeCurrent() pointing into potentially reallocated memory."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use after free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T08:12:50.380Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2026/07/08/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "xorg-x11-server / xwayland GLX contextTags Use-After-Free in CommonMakeCurrent()",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56000",
"datePublished": "2026-07-08T07:36:15.357Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-08T12:42:16.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44938 (GCVE-0-2026-44938)
Vulnerability from cvelistv5 – Published: 2026-07-07 13:05 – Updated: 2026-07-08 03:56
VLAI
EPSS
VEX
Title
Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent
Summary
A vulnerability has been identified in Fleet's agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace.
An attacker with git push access to a
Fleet-monitored repository could overwrite Pod Security Standards (PSS)
enforcement labels on a target namespace. This allows the attacker to
weaken admission controls and deploy workloads that PSS policies would
otherwise block.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T03:56:44.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/fleet",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.15.2",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
},
{
"lessThan": "0.14.6",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.13.11",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.15",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been identified in Fleet\u0027s agent-side deployer, which did not filter security-sensitive keys from \u003ccode\u003enamespaceLabels\u003c/code\u003e in \u003ccode\u003efleet.yaml\u003c/code\u003e (or \u003ccode\u003eBundleDeployment.spec.options.namespaceLabels\u003c/code\u003e) when applying them to the target namespace.\u003c/p\u003e\n\u003cp\u003eAn attacker with \u003ccode\u003egit push\u003c/code\u003e access to a\n Fleet-monitored repository could overwrite Pod Security Standards (PSS)\n enforcement labels on a target namespace. This allows the attacker to \nweaken admission controls and deploy workloads that PSS policies would \notherwise block.\u003c/p\u003e"
}
],
"value": "A vulnerability has been identified in Fleet\u0027s agent-side deployer, which did not filter security-sensitive keys from namespaceLabels in fleet.yaml (or BundleDeployment.spec.options.namespaceLabels) when applying them to the target namespace.\n\n\n\n\nAn attacker with git push access to a\n Fleet-monitored repository could overwrite Pod Security Standards (PSS)\n enforcement labels on a target namespace. This allows the attacker to \nweaken admission controls and deploy workloads that PSS policies would \notherwise block."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T13:05:03.344Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44938"
},
{
"url": "https://github.com/advisories/GHSA-864g-863m-vcvq"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Fleet has PSS Bypass through addLabelsFromOptions in Fleet Agent",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44938",
"datePublished": "2026-07-07T13:05:03.344Z",
"dateReserved": "2026-05-08T12:29:48.967Z",
"dateUpdated": "2026-07-08T03:56:44.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44937 (GCVE-0-2026-44937)
Vulnerability from cvelistv5 – Published: 2026-07-06 09:52 – Updated: 2026-07-06 12:46
VLAI
EPSS
VEX
Title
SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components
Summary
Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side request forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/fleet/security/advisor… | vendor-advisory |
Impacted products
Date Public
2026-05-28 09:44
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T12:46:52.400471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T12:46:59.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Fleet",
"product": "Rancher",
"repo": "https://github.com/rancher/fleet/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.15.2",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
},
{
"lessThan": "0.14.6",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.13.11",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.15",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-05-28T09:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system."
}
],
"value": "Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.5 could be used by remote attackers to cause a denial of service or a downgrade attack on other repositories on the system."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T09:52:18.659Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/fleet/security/advisories/GHSA-jmf4-m7j9-g72r"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SUSE Rancher Fleet had an Unauthenticated Webhook: Regex Injection via Unsanitized Repository URL Components",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44937",
"datePublished": "2026-07-06T09:52:18.659Z",
"dateReserved": "2026-05-08T12:29:48.967Z",
"dateUpdated": "2026-07-06T12:46:59.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44936 (GCVE-0-2026-44936)
Vulnerability from cvelistv5 – Published: 2026-07-06 09:30 – Updated: 2026-07-06 12:47
VLAI
EPSS
VEX
Title
Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml
Summary
Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials.
Severity
5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side request forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/advisories/GHSA-hx4v-cxpf-vh8m | vendor-advisory |
Impacted products
Date Public
2026-05-28 09:28
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T12:47:38.527371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T12:47:45.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Fleet",
"product": "Rancher",
"repo": "https://github.com/rancher/fleet",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.15.2",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
},
{
"lessThan": "0.14.6",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.13.11",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.15",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-05-28T09:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing filtering when the \u003ccode\u003ehelmRepoURLRegex\u003c/code\u003e field isn\u0027t set on a \u003ccode\u003eGitRepo\u003c/code\u003e resource in SUSE Rancher Fleet\u0027s bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (\u003ccode\u003eBasicAuth\u003c/code\u003e) to any URL specified in the \u003ccode\u003ehelm.repo\u003c/code\u003e field of a \u003ccode\u003efleet.yaml\u003c/code\u003e file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."
}
],
"value": "Missing filtering when the helmRepoURLRegex field isn\u0027t set on a GitRepo resource in SUSE Rancher Fleet\u0027s bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials (BasicAuth) to any URL specified in the helm.repo field of a fleet.yaml file, allowing attackers able to push to fleet monitored git repos to leak helm access credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side request forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T09:30:20.688Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/advisories/GHSA-hx4v-cxpf-vh8m"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rancher Fleet SSRF in Bundle Reader via Unvalidated Helm Repository URL in fleet.yaml",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44936",
"datePublished": "2026-07-06T09:30:20.688Z",
"dateReserved": "2026-05-08T12:29:48.967Z",
"dateUpdated": "2026-07-06T12:47:45.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44934 (GCVE-0-2026-44934)
Vulnerability from cvelistv5 – Published: 2026-07-06 08:45 – Updated: 2026-07-06 18:53
VLAI
EPSS
VEX
Title
Exposed tokens in SUSE Rancher AI Agent logs
Summary
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-215 - Insertion of sensitive information into debugging code
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/rancher-ai-agent/secur… | vendor-advisory |
Date Public
2026-05-28 08:53
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T18:53:12.072112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T18:53:22.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Rancher AI Agent",
"product": "Rancher",
"repo": "https://github.com/rancher/rancher-ai-agent",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.0.2",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "loglevel set to DEBUG"
}
],
"value": "loglevel set to DEBUG"
}
],
"datePublic": "2026-05-28T08:53:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."
}
],
"value": "A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "CWE-215 Insertion of sensitive information into debugging code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T08:53:57.978Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/rancher-ai-agent/security/advisories/GHSA-5r2r-h824-fr5v"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Exposed tokens in SUSE Rancher AI Agent logs",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44934",
"datePublished": "2026-07-06T08:45:26.864Z",
"dateReserved": "2026-05-08T12:29:48.967Z",
"dateUpdated": "2026-07-06T18:53:22.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44935 (GCVE-0-2026-44935)
Vulnerability from cvelistv5 – Published: 2026-07-02 16:00 – Updated: 2026-07-03 03:56
VLAI
EPSS
VEX
Title
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Summary
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
Severity
9.9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper validation of specified type of input
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/fleet/security/advisor… | vendor-advisory |
Impacted products
Date Public
2026-05-28 15:26
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T03:56:15.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Fleett",
"product": "Rancher",
"repo": "https://github.com/rancher/fleet/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.15.2",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
},
{
"lessThan": "0.14.6",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.13.11",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.12.15",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-05-28T15:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003eMissing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.\u003c/div\u003e"
}
],
"value": "Missing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper validation of specified type of input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T16:01:11.745Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44935",
"datePublished": "2026-07-02T16:00:06.751Z",
"dateReserved": "2026-05-08T12:29:48.967Z",
"dateUpdated": "2026-07-03T03:56:15.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44941 (GCVE-0-2026-44941)
Vulnerability from cvelistv5 – Published: 2026-07-02 15:19 – Updated: 2026-07-07 13:14
VLAI
EPSS
VEX
Title
libzypp path traversal via "keyhint" in repomd.xml
Summary
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative path traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1267426 | issue-tracking |
| https://github.com/openSUSE/libzypp/commit/294b1b… | patch |
Date Public
2026-06-05 15:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-03T03:56:15.064595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T13:14:20.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libzypp",
"product": "libzypp",
"repo": "https://github.com/openSUSE/libzypp/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "17.38.12",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Trung Nguyen \u003ctrungnh@cystack.net\u003e"
}
],
"datePublic": "2026-06-05T15:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."
}
],
"value": "A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative path traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:19:05.302Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1267426"
},
{
"tags": [
"patch"
],
"url": "https://github.com/openSUSE/libzypp/commit/294b1bad442d089ca671c5c03adc8031e3b29e04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "libzypp path traversal via \"keyhint\" in repomd.xml",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44941",
"datePublished": "2026-07-02T15:19:05.302Z",
"dateReserved": "2026-05-08T12:29:48.968Z",
"dateUpdated": "2026-07-07T13:14:20.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56004 (GCVE-0-2026-56004)
Vulnerability from cvelistv5 – Published: 2026-07-02 14:54 – Updated: 2026-07-02 16:11
VLAI
EPSS
VEX
Title
obs-service-tar_scm: command injection via mercurial handler
Summary
A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/openSUSE/obs-service-tar_scm/p… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openSUSE | buildservice |
Affected:
0 , < 0.12.4
(rpm)
|
Date Public
2026-07-01 13:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T16:11:22.259324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T16:11:28.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "obs-service-tar_scm",
"product": "buildservice",
"repo": "https://github.com/openSUSE/obs-service-tar_scm",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "0.12.4",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Maxime Rinaudo of Fenrisk (www.fenrisk.com \u003chttp://www.fenrisk.com\u003e)"
}
],
"datePublic": "2026-07-01T13:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services"
}
],
"value": "A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:21:08.665Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/552/changes/bcf29d318c671c45fe87dd9f995a4a0c78ecedd7"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "obs-service-tar_scm: command injection via mercurial handler",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-56004",
"datePublished": "2026-07-02T14:54:02.119Z",
"dateReserved": "2026-06-18T09:26:55.988Z",
"dateUpdated": "2026-07-02T16:11:28.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44948 (GCVE-0-2026-44948)
Vulnerability from cvelistv5 – Published: 2026-06-30 15:12 – Updated: 2026-06-30 16:00
VLAI
EPSS
VEX
Title
Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler
Summary
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative path traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/fleet/security/advisor… | vendor-advisory |
Impacted products
Date Public
2026-06-29 15:08
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:59:49.142430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T16:00:33.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Fleet",
"product": "Rancher",
"repo": "https://github.com/rancher/fleet/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.12.16",
"status": "affected",
"version": "0.12.0",
"versionType": "semver"
},
{
"lessThan": "0.13.12",
"status": "affected",
"version": "0.13.0",
"versionType": "semver"
},
{
"lessThan": "0.14.7",
"status": "affected",
"version": "0.14.0",
"versionType": "semver"
},
{
"lessThan": "0.15.3",
"status": "affected",
"version": "0.15.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sergey Kanibor"
}
],
"datePublic": "2026-06-29T15:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
}
],
"value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative path traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T15:12:17.346Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44948",
"datePublished": "2026-06-30T15:12:17.346Z",
"dateReserved": "2026-05-08T12:29:48.969Z",
"dateUpdated": "2026-06-30T16:00:33.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44949 (GCVE-0-2026-44949)
Vulnerability from cvelistv5 – Published: 2026-06-30 14:41 – Updated: 2026-06-30 15:10
VLAI
EPSS
VEX
Title
Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook
Summary
A Rancher FleetWorkspace admission path allowed side effects to occur in
the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to
the in-cluster rancher-webhook service
could submit a crafted admission payload and cause workspace-related
Kubernetes objects to be created with attacker-chosen identity data.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/webhook/security/advis… | vendor-advisory |
Impacted products
Date Public
2026-06-29 14:27
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:10:07.132296Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T15:10:17.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Webhook",
"product": "Rancher",
"repo": "https://github.com/rancher/webhook/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.7.10",
"status": "affected",
"version": "0.7.0",
"versionType": "semver"
},
{
"lessThan": "0.8.7",
"status": "affected",
"version": "0.8.0",
"versionType": "semver"
},
{
"lessThan": "0.9.6",
"status": "affected",
"version": "0.9.0",
"versionType": "semver"
},
{
"lessThan": "0.10.7",
"status": "affected",
"version": "0.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-06-29T14:27:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster \u003ccode\u003erancher-webhook\u003c/code\u003e service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
}
],
"value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster rancher-webhook service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T14:41:34.007Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/webhook/security/advisories/GHSA-h83p-cq95-vph4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44949",
"datePublished": "2026-06-30T14:41:34.007Z",
"dateReserved": "2026-05-08T12:29:48.969Z",
"dateUpdated": "2026-06-30T15:10:17.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44947 (GCVE-0-2026-44947)
Vulnerability from cvelistv5 – Published: 2026-06-30 14:21 – Updated: 2026-06-30 15:03
VLAI
EPSS
VEX
Title
Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
Summary
A missing clean-up in the legacy Project Role Template Binding (PRTB)
reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security
Admission (PSA) permissions after an administrator removes those
permissions from a RoleTemplate.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-281 - Improper preservation of permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/rancher/security/advis… | vendor-advisory |
Impacted products
Date Public
2026-06-29 14:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T15:03:37.236401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T15:03:44.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Rancher",
"product": "Rancher",
"repo": "https://github.com/rancher/rancher/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.13.7",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.14.3",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Isaac David"
}
],
"datePublic": "2026-06-29T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
}
],
"value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper preservation of permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T14:21:01.291Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44947",
"datePublished": "2026-06-30T14:21:01.291Z",
"dateReserved": "2026-05-08T12:29:48.969Z",
"dateUpdated": "2026-06-30T15:03:44.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44946 (GCVE-0-2026-44946)
Vulnerability from cvelistv5 – Published: 2026-06-30 12:14 – Updated: 2026-07-01 03:55
VLAI
EPSS
VEX
Title
SAML Authentication Replay in Rancher
Summary
A SAML authentication replay vulnerability in Rancher's Assertion
Consumer Service (ACS) handler did not enforce
one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication bypass by capture-replay
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/rancher/security/advis… | vendor-advisory |
Impacted products
Date Public
2026-06-29 12:07
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T03:55:46.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Rancher",
"product": "Rancher",
"repo": "https://github.com/rancher/rancher/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.14.3",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
},
{
"lessThan": "2.13.7",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.12.11",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.15",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa"
}
],
"datePublic": "2026-06-29T12:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,\u0026nbsp; \u0026nbsp;"
}
],
"value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,"
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication bypass by capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:14:54.269Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-c5jm-xcmq-9j95"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML Authentication Replay in Rancher",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44946",
"datePublished": "2026-06-30T12:14:54.269Z",
"dateReserved": "2026-05-08T12:29:48.969Z",
"dateUpdated": "2026-07-01T03:55:46.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41053 (GCVE-0-2026-41053)
Vulnerability from cvelistv5 – Published: 2026-06-30 11:38 – Updated: 2026-07-01 03:55
VLAI
EPSS
VEX
Title
Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
Summary
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-303 - Incorrect implementation of authentication algorithm
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/rancher/security/advis… | vendor-advisory |
Impacted products
Date Public
2026-05-28 11:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T03:55:47.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"github auth provider"
],
"packageName": "Rancher",
"product": "Rancher",
"repo": "https://github.com/rancher/rancher/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.14.2",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
},
{
"lessThan": "2.13.6",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-05-28T11:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
}
],
"value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-303",
"description": "CWE-303 Incorrect implementation of authentication algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T11:38:25.060Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-4j6x-2764-m8gh"
}
],
"source": {
"defect": [
"secsys_codex@163.com"
],
"discovery": "UNKNOWN"
},
"title": "Over-inclusive team membership expansion in GitHub App authentication provider for Rancher",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41053",
"datePublished": "2026-06-30T11:38:25.060Z",
"dateReserved": "2026-04-16T13:37:50.680Z",
"dateUpdated": "2026-07-01T03:55:47.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41052 (GCVE-0-2026-41052)
Vulnerability from cvelistv5 – Published: 2026-06-29 15:41 – Updated: 2026-06-30 03:55
VLAI
EPSS
VEX
Title
Rancher Privilege Escalation from Project Owner to Host
Summary
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication bypass by primary weakness
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/rancher/security/advis… | vendor-advisory |
Impacted products
Date Public
2026-05-28 11:14
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:55:34.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Rancher",
"product": "Rancher",
"repo": "https://github.com/rancher/rancher/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.12.10",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.13.6",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.14.2",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Radtke Benedikt \u003cRadtke@iabg.de\u003e - github.com/Trolldemorted and Munier Marc \u003cMunier@iabg.de\u003e - github.com/mmunier"
}
],
"datePublic": "2026-05-28T11:14:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege handling could be used by users with\u0026nbsp;Project Owner role to escalate privileges, in Rancher versions\u0026nbsp;2.14 before 2.14.2,\u0026nbsp;2.13 before 2.13.6, and\u0026nbsp;2.12 before 2.12.10."
}
],
"value": "Improper privilege handling could be used by users with\u00a0Project Owner role to escalate privileges, in Rancher versions\u00a02.14 before 2.14.2,\u00a02.13 before 2.13.6, and\u00a02.12 before 2.12.10."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication bypass by primary weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T15:41:56.394Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rancher Privilege Escalation from Project Owner to Host",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41052",
"datePublished": "2026-06-29T15:41:56.394Z",
"dateReserved": "2026-04-16T13:37:50.680Z",
"dateUpdated": "2026-06-30T03:55:34.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25707 (GCVE-0-2026-25707)
Vulnerability from cvelistv5 – Published: 2026-06-29 10:04 – Updated: 2026-06-30 03:55
VLAI
EPSS
VEX
Title
Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp
Summary
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative path traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1259802 | issue-tracking |
| https://github.com/openSUSE/libzypp/commit/f09fed… | patch |
Date Public
2026-05-28 09:56
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:55:33.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libzypp",
"product": "libzypp",
"repo": "https://github.com/openSUSE/libzypp",
"vendor": "SUSE",
"versions": [
{
"lessThan": "17.38.10",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Andres of SUSE"
}
],
"datePublic": "2026-05-28T09:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."
}
],
"value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative path traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T10:04:59.223Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1259802"
},
{
"tags": [
"patch"
],
"url": "https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-25707",
"datePublished": "2026-06-29T10:04:59.223Z",
"dateReserved": "2026-02-05T15:37:24.184Z",
"dateUpdated": "2026-06-30T03:55:33.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41049 (GCVE-0-2026-41049)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:32 – Updated: 2026-07-08 05:55
VLAI
EPSS
VEX
Title
Caching of Authentication allows Authentication Bypass between users in qSnapper
Summary
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.opensuse.org/2026/05/26/qsnapper… | third-party-advisory |
| https://github.com/presire/qSnapper/releases/tag/v1.3.3 | vendor-advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1262218 | issue-tracking |
Impacted products
Date Public
2026-05-26 15:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:25:21.586546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:25:30.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "qsnapper",
"product": "qSnapper",
"repo": "https://github.com/presire/qSnapper",
"vendor": "presire",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "1.2.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2026-05-26T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect caching of authentication between different users of the\u0026nbsp; qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."
}
],
"value": "Incorrect caching of authentication between different users of the\u00a0 qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T05:55:01.962Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1262218"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Caching of Authentication allows Authentication Bypass between users in qSnapper",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41049",
"datePublished": "2026-06-22T15:32:59.192Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-07-08T05:55:01.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41048 (GCVE-0-2026-41048)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:31 – Updated: 2026-07-07 09:31
VLAI
EPSS
VEX
Title
Caching of Authentication allows Authentication Bypass in qSnapper
Summary
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.opensuse.org/2026/05/26/qsnapper… | third-party-advisory |
| https://github.com/presire/qSnapper/releases/tag/v1.3.3 | vendor-advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1262218 | issue-tracking |
Impacted products
Date Public
2026-05-26 15:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:24:42.461147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:24:59.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "qsnapper",
"product": "qSnapper",
"repo": "https://github.com/presire/qSnapper",
"vendor": "presire",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "1.2.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2026-05-26T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."
}
],
"value": "Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T09:31:37.959Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1262218"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Caching of Authentication allows Authentication Bypass in qSnapper",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41048",
"datePublished": "2026-06-22T15:31:14.606Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-07-07T09:31:37.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41047 (GCVE-0-2026-41047)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:25 – Updated: 2026-06-22 16:24
VLAI
EPSS
VEX
Title
Information leak via “diff” methods in qSnapper
Summary
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing authentication for critical function
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.opensuse.org/2026/05/26/qsnapper… | third-party-advisory |
| https://github.com/presire/qSnapper/releases/tag/v1.3.3 | vendor-advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1261890 | issue-tracking |
Date Public
2026-05-26 15:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:24:13.803772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:24:23.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "qsnapper",
"product": "qSnapper",
"repo": "https://github.com/presire/qSnapper",
"vendor": "presire",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2026-05-26T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."
}
],
"value": "Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing authentication for critical function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:25:12.478Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-info-leak"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1261890"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Information leak via \u201cdiff\u201d methods in qSnapper",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41047",
"datePublished": "2026-06-22T15:25:12.478Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-06-22T16:24:23.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41046 (GCVE-0-2026-41046)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:20 – Updated: 2026-06-22 16:23
VLAI
EPSS
VEX
Title
path traversal via `config` parameter in qSnapper
Summary
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative path traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.opensuse.org/2026/05/26/qsnapper… | third-party-advisory |
| https://github.com/presire/qSnapper/releases/tag/v1.3.3 | vendor-advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1261889 | issue-tracking |
Date Public
2026-05-26 15:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:23:42.492038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:23:53.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "qsnapper",
"product": "qSnapper",
"repo": "https://github.com/presire/qSnapper",
"vendor": "presire",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2026-05-26T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root."
}
],
"value": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17 Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative path traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:20:30.872Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-path-traversal"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1261889"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "path traversal via `config` parameter in qSnapper",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41046",
"datePublished": "2026-06-22T15:20:30.872Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-06-22T16:23:53.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41045 (GCVE-0-2026-41045)
Vulnerability from cvelistv5 – Published: 2026-06-22 15:16 – Updated: 2026-06-22 16:23
VLAI
EPSS
VEX
Title
Weak polkit authentication check in qSnapper
Summary
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-367 - Time-of-check time-of-use (TOCTOU) race condition
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security.opensuse.org/2026/05/26/qsnapper… | third-party-advisory |
| https://github.com/presire/qSnapper/releases/tag/v1.3.3 | vendor-advisory |
| https://bugzilla.suse.com/show_bug.cgi?id=1261795 | issue-tracking |
Date Public
2026-05-26 15:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:23:09.435199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T16:23:19.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "qsnapper",
"product": "qSnapper",
"repo": "https://github.com/presire/qSnapper",
"vendor": "presire",
"versions": [
{
"lessThan": "1.3.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2026-05-26T15:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."
}
],
"value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:16:37.631Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-polkit-bypass"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1261795"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Weak polkit authentication check in qSnapper",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41045",
"datePublished": "2026-06-22T15:16:37.631Z",
"dateReserved": "2026-04-16T13:37:50.679Z",
"dateUpdated": "2026-06-22T16:23:19.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44939 (GCVE-0-2026-44939)
Vulnerability from cvelistv5 – Published: 2026-06-19 12:13 – Updated: 2026-06-24 03:56
VLAI
EPSS
VEX
Title
Command injection through unsanitized YAML parameter in Rancher
Summary
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-95 - Improper neutralization of directives in dynamically evaluated code ('eval injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rancher/rancher/security/advis… | vendor-advisory |
Impacted products
Date Public
2026-05-27 16:36
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T03:56:15.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Rancher",
"product": "Rancher",
"repo": "https://github.com/rancher/rancher/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.14.2",
"status": "affected",
"version": "2.14.0",
"versionType": "semver"
},
{
"lessThan": "2.13.6",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
},
{
"lessThan": "2.12.10",
"status": "affected",
"version": "2.12.0",
"versionType": "semver"
},
{
"lessThan": "2.11.14",
"status": "affected",
"version": "2.11.0",
"versionType": "semver"
},
{
"lessThan": "2.10.12",
"status": "affected",
"version": "2.10.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-05-27T16:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint \u003ccode\u003e/v3/import/{token}_{clusterId}.yaml\u003c/code\u003e through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
}
],
"value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95 Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T12:13:39.936Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection through unsanitized YAML parameter in Rancher",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44939",
"datePublished": "2026-06-19T12:13:39.936Z",
"dateReserved": "2026-05-08T12:29:48.967Z",
"dateUpdated": "2026-06-24T03:56:15.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44942 (GCVE-0-2026-44942)
Vulnerability from cvelistv5 – Published: 2026-06-18 09:57 – Updated: 2026-06-18 12:09
VLAI
EPSS
VEX
Title
libzypp .repo files can have an optional path which can lead to path traversal attacks
Summary
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-24 - Path traversal: '../filedir'
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1267874 | issue-tracking |
| https://www.suse.com/security/cve/CVE-2026-44942.html | vendor-advisory |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-18T12:05:47.827082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T12:09:37.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"repo parsing"
],
"packageName": "libzypp",
"product": "libzypp",
"repo": "https://github.com/opensuse/libzypp",
"vendor": "SUSE",
"versions": [
{
"lessThan": "17.38.13",
"status": "affected",
"version": "17.0.0",
"versionType": "semver"
},
{
"lessThan": "16.22.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Andres"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
}
],
"value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T09:57:12.821Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.suse.com/security/cve/CVE-2026-44942.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "libzypp .repo files can have an optional path which can lead to path traversal attacks",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44942",
"datePublished": "2026-06-18T09:57:12.821Z",
"dateReserved": "2026-05-08T12:29:48.968Z",
"dateUpdated": "2026-06-18T12:09:37.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-71261 (GCVE-0-2025-71261)
Vulnerability from cvelistv5 – Published: 2026-06-16 15:42 – Updated: 2026-06-16 17:52
VLAI
EPSS
VEX
Title
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
Summary
An attacker with network-level access between the SUSE Virtualization
and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it
to bypass TLS as a security control.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/harvester/harvester/security/a… | vendor-advisory |
Date Public
2026-06-16 15:38
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-16T17:52:23.783748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T17:52:30.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"SUSE Virtualization (Harvester) Rancher integration mechanism"
],
"packageName": "Harvester",
"product": "Harvester",
"repo": "https://github.com/harvester/harvester/",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-16T15:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control."
}
],
"value": "An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T15:42:32.446Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/harvester/harvester/security/advisories/GHSA-pgh9-mpwc-8jjf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Harvester\u0027s SUSE Virtualization Registration Client Vulnerable to MITM and DOS",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-71261",
"datePublished": "2026-06-16T15:42:32.446Z",
"dateReserved": "2026-03-03T12:54:04.008Z",
"dateUpdated": "2026-06-16T17:52:30.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44932 (GCVE-0-2026-44932)
Vulnerability from cvelistv5 – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
VLAI
EPSS
VEX
Title
indirect remote shell command injection via unsanitized DHCP options in wicked
Summary
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1265221 | issue-tracking |
| https://github.com/openSUSE/wicked/releases/tag/v… | release-notes |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
| https://lists.suse.com/pipermail/sle-security-upd… | vendor-advisory |
Date Public
2026-06-10 15:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T03:55:34.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/openSUSE/wicked",
"defaultStatus": "unaffected",
"modules": [
"dhcp handling"
],
"packageName": "wicked",
"product": "wicked",
"repo": "https://github.com/openSUSE/wicked",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.6.79",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wolfgang Frisch using Claude Opus"
}
],
"datePublic": "2026-06-10T15:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
}
],
"value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T15:26:51.919Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44932",
"datePublished": "2026-06-16T15:26:51.919Z",
"dateReserved": "2026-05-08T12:29:48.966Z",
"dateUpdated": "2026-06-18T03:55:34.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41054 (GCVE-0-2026-41054)
Vulnerability from cvelistv5 – Published: 2026-05-20 08:56 – Updated: 2026-06-05 11:06
VLAI
EPSS
VEX
Title
Missing exit out of permission check in haveged could lead to root exploit
Summary
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
8 references
Impacted products
34 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | Container suse/sle-micro-rancher/5.3:latest |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Container suse/sle-micro-rancher/5.4:latest |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Container suse/sle-micro/5.5:latest |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-BYOS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-BYOS-Azure |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-BYOS-EC2 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-BYOS-GCE |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-Hardened |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-Azure |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-EC2 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-Hardened-BYOS-GCE |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | Image SLES15-SP4-SAP-Hardened-GCE |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Desktop 15 SP7 |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP7 |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Module for Basesystem 15 SP7 |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15 SP7 |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP7 |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Micro 5.3 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Micro 5.4 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Micro 5.5 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15 SP4-LTSS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15 SP5-LTSS |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server 15 SP6-LTSS |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP4 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP5 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Linux Enterprise Server for SAP Applications 15 SP6 |
Affected:
? , < 1.9.14-150600.11.6.1
(custom)
|
|
| SUSE | SUSE Manager Proxy LTS 4.3 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Manager Retail Branch Server LTS 4.3 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
|
| SUSE | SUSE Manager Server LTS 4.3 |
Affected:
? , < 1.9.14-150400.3.11.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-06-05T11:06:34.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/17"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/22/1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:33.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Container suse/sle-micro-rancher/5.3:latest",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Container suse/sle-micro-rancher/5.3:latest",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Container suse/sle-micro-rancher/5.4:latest",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Container suse/sle-micro-rancher/5.4:latest",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Container suse/sle-micro/5.5:latest",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Container suse/sle-micro/5.5:latest",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-Hardened",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-Hardened",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "Image SLES15-SP4-SAP-Hardened-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "Image SLES15-SP4-SAP-Hardened-GCE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Desktop 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Desktop 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Desktop 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Micro 5.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Micro 5.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Micro 5.4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Micro 5.4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Micro 5.5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Micro 5.5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150600.11.6.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Manager Proxy LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Manager Proxy LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Manager Proxy LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Manager Retail Branch Server LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Manager Retail Branch Server LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Manager Retail Branch Server LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged",
"product": "SUSE Manager Server LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "haveged-devel",
"product": "SUSE Manager Server LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libhavege2",
"product": "SUSE Manager Server LTS 4.3",
"vendor": "SUSE",
"versions": [
{
"lessThan": "1.9.14-150400.3.11.1",
"status": "affected",
"version": "?",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dirk Mueller of SUSE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cpre\u003eIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.\u003c/pre\u003e\u003c/div\u003e"
}
],
"value": "In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T08:56:14.466Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Missing exit out of permission check in haveged could lead to root exploit",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-41054",
"datePublished": "2026-05-20T08:56:14.466Z",
"dateReserved": "2026-04-16T13:37:50.680Z",
"dateUpdated": "2026-06-05T11:06:34.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44933 (GCVE-0-2026-44933)
Vulnerability from cvelistv5 – Published: 2026-05-20 08:51 – Updated: 2026-05-21 03:55
VLAI
EPSS
VEX
Title
Path Traversal in Plugin Loading in libzypp
Summary
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-35 - Path traversal: '.../...//'
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise |
Affected:
17.38.8 , < 17.38.9
(semver)
|
|
| SUSE | openSUSE |
Affected:
17.38.8 , < 17.38.9
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:32.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "libzypp",
"product": "SUSE Linux Enterprise",
"vendor": "SUSE",
"versions": [
{
"lessThan": "17.38.9",
"status": "affected",
"version": "17.38.8",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "libzypp",
"product": "openSUSE",
"vendor": "SUSE",
"versions": [
{
"lessThan": "17.38.9",
"status": "affected",
"version": "17.38.8",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dirk Mueller of SUSE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cpre\u003e`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.\u003c/pre\u003e"
}
],
"value": "`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35 Path traversal: \u0027.../...//\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T08:51:12.770Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44933"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Path Traversal in Plugin Loading in libzypp",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2026-44933",
"datePublished": "2026-05-20T08:51:12.770Z",
"dateReserved": "2026-05-08T12:29:48.966Z",
"dateUpdated": "2026-05-21T03:55:32.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}