Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0623
Vulnerability from certfr_avis - Published: 2026-05-20 - Updated: 2026-05-21
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service.
Microsoft indique que les vulnérabilités CVE-2026-41091 et CVE-2026-45498 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | azl3 kernel-hwe 6.12.0.0-1 versions antérieures à 6.12.89.1-1 | ||
| Microsoft | N/A | azl3 python-urllib3 2.0.7-4 versions antérieures à 2.0.7-5 | ||
| Microsoft | N/A | Microsoft Malware Protection Engine | ||
| Microsoft | N/A | azl3 vim 9.2.0392-1 versions antérieures à 9.2.0488-1 | ||
| Microsoft | N/A | azl3 kernel 6.6.138.1-1 | ||
| Microsoft | N/A | azl3 openvswitch 3.3.0-2 versions antérieures à 3.3.0-3 | ||
| Microsoft | N/A | Microsoft Defender Antimalware Platform |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 kernel-hwe 6.12.0.0-1 versions ant\u00e9rieures \u00e0 6.12.89.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-urllib3 2.0.7-4 versions ant\u00e9rieures \u00e0 2.0.7-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Malware Protection Engine",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 vim 9.2.0392-1 versions ant\u00e9rieures \u00e0 9.2.0488-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.138.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 openvswitch 3.3.0-2 versions ant\u00e9rieures \u00e0 3.3.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender Antimalware Platform",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-34956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34956"
},
{
"name": "CVE-2026-45584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45584"
},
{
"name": "CVE-2026-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41091"
},
{
"name": "CVE-2026-46483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46483"
},
{
"name": "CVE-2026-46333",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46333"
},
{
"name": "CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"name": "CVE-2026-45498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45498"
}
],
"initial_release_date": "2026-05-20T00:00:00",
"last_revision_date": "2026-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0623",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-20T00:00:00.000000"
},
{
"description": "Ajout du bulletin de s\u00e9curit\u00e9 CVE-2026-46333.",
"revision_date": "2026-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service.\n\nMicrosoft indique que les vuln\u00e9rabilit\u00e9s CVE-2026-41091 et CVE-2026-45498 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46333",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46333"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45498",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498"
},
{
"published_at": "2026-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34956",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34956"
},
{
"published_at": "2026-05-16",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-44431",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44431"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-45584",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584"
},
{
"published_at": "2026-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-46483",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-46483"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41091",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091"
}
]
}
CVE-2026-34956 (GCVE-0-2026-34956)
Vulnerability from cvelistv5 – Published: 2026-05-05 15:45 – Updated: 2026-05-06 14:17
VLAI?
EPSS
Title
Openvswitch: open vswitch: denial of service via malformed ftp epasv command
Summary
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.
Severity ?
5.9 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-34956 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2453459 | issue-trackingx_refsource_REDHAT |
Impacted products
40 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 7 |
cpe:/o:redhat:enterprise_linux:7::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 8 |
cpe:/o:redhat:enterprise_linux:8::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Fast Datapath for RHEL 9 |
cpe:/o:redhat:enterprise_linux:9::fastdatapath |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenStack Platform 13 (Queens) |
cpe:/a:redhat:openstack:13 |
|
| Red Hat | Red Hat OpenStack Platform 13 (Queens) |
cpe:/a:redhat:openstack:13 |
|
| Red Hat | Red Hat OpenStack Platform 13 (Queens) |
cpe:/a:redhat:openstack:13 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
Date Public ?
2026-03-31 00:00
Credits
Red Hat would like to thank Seiji Sakurai for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-05T16:36:17.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/03/31/15"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-34956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-06T14:17:23.457705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-06T14:17:37.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.10",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch-selinux-extra-policy",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.11",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.12",
"product": "Fast Datapath for RHEL 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.13",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.15",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.16",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch-selinux-extra-policy",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.11",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "ovn2.12",
"product": "Fast Datapath for RHEL 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.0",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.2",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.3",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.4",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.5",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.6",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::fastdatapath"
],
"defaultStatus": "affected",
"packageName": "openvswitch-selinux-extra-policy",
"product": "Fast Datapath for RHEL 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "openvswitch",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch2.17",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.0",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "openvswitch3.1",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "affected",
"packageName": "rhosp13/openstack-neutron-openvswitch-agent",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "affected",
"packageName": "rhosp13/openstack-openvswitch-base",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:13"
],
"defaultStatus": "affected",
"packageName": "rhosp13/openstack-ovn-base",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"packageName": "rhosp-openvswitch",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"packageName": "rhosp-rhel8/openstack-neutron-openvswitch-agent",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"packageName": "rhosp-openvswitch",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"packageName": "rhosp-rhel9/openstack-neutron-openvswitch-agent",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"packageName": "rhoso-openvswitch",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Seiji Sakurai for reporting this issue."
}
],
"datePublic": "2026-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T15:45:04.638Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-34956"
},
{
"name": "RHBZ#2453459",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453459"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-31T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-31T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Openvswitch: open vswitch: denial of service via malformed ftp epasv command",
"workarounds": [
{
"lang": "en",
"value": "Optionally, avoid using alg=ftp flows. These are not usually configured."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-34956",
"datePublished": "2026-05-05T15:45:04.638Z",
"dateReserved": "2026-03-31T17:43:41.756Z",
"dateUpdated": "2026-05-06T14:17:37.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41091 (GCVE-0-2026-41091)
Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-05-22 22:03
VLAI?
EPSS
Title
Microsoft Defender Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Severity ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Malware Protection Engine |
Affected:
-
|
Date Public ?
2026-05-19 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41091",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41091"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:23.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-41091"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-20T00:00:00.000Z",
"value": "CVE-2026-41091 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Malware Protection Engine",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-19T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Microsoft Defender allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T22:03:59.591Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Defender Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091"
}
],
"title": "Microsoft Defender Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-41091",
"datePublished": "2026-05-20T13:09:13.634Z",
"dateReserved": "2026-04-16T19:12:36.195Z",
"dateUpdated": "2026-05-22T22:03:59.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-44431 (GCVE-0-2026-44431)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:20 – Updated: 2026-05-13 17:17
VLAI?
EPSS
Title
urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
Summary
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/urllib3/urllib3/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44431",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T16:51:26.677054Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T17:17:07.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.23, \u003c 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:20:24.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"source": {
"advisory": "GHSA-qccp-gfcp-xxvc",
"discovery": "UNKNOWN"
},
"title": "urllib3: Sensitive headers forwarded across origins in proxied low-level redirects"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44431",
"datePublished": "2026-05-13T15:20:24.588Z",
"dateReserved": "2026-05-06T14:40:00.954Z",
"dateUpdated": "2026-05-13T17:17:07.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45498 (GCVE-0-2026-45498)
Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-05-22 22:03
VLAI?
EPSS
Title
Microsoft Defender Denial of Service Vulnerability
Summary
Microsoft Defender Denial of Service Vulnerability
Severity ?
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Defender Antimalware Platform |
Affected:
-
|
Date Public ?
2026-05-19 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45498",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-05-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45498"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:24.429Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-45498"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-20T00:00:00.000Z",
"value": "CVE-2026-45498 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Defender Antimalware Platform",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-19T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Defender Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T22:03:59.011Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Defender Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498"
}
],
"title": "Microsoft Defender Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-45498",
"datePublished": "2026-05-20T13:09:12.903Z",
"dateReserved": "2026-05-12T16:07:22.619Z",
"dateUpdated": "2026-05-22T22:03:59.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45584 (GCVE-0-2026-45584)
Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-05-22 22:04
VLAI?
EPSS
Title
Microsoft Defender Remote Code Execution Vulnerability
Summary
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Malware Protection Engine |
Affected:
-
|
Date Public ?
2026-05-19 14:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:25.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Malware Protection Engine",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:malware_protection_engine:*:*:*:*:*:*:*:*",
"versionStartIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-05-19T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T22:04:32.208Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Defender Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584"
}
],
"title": "Microsoft Defender Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-45584",
"datePublished": "2026-05-20T13:09:44.329Z",
"dateReserved": "2026-05-12T19:55:45.729Z",
"dateUpdated": "2026-05-22T22:04:32.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46333 (GCVE-0-2026-46333)
Vulnerability from cvelistv5 – Published: 2026-05-15 12:58 – Updated: 2026-05-23 16:07
VLAI?
EPSS
Title
ptrace: slightly saner 'get_dumpable()' logic
Summary
In the Linux kernel, the following vulnerability has been resolved:
ptrace: slightly saner 'get_dumpable()' logic
The 'dumpability' of a task is fundamentally about the memory image of
the task - the concept comes from whether it can core dump or not - and
makes no sense when you don't have an associated mm.
And almost all users do in fact use it only for the case where the task
has a mm pointer.
But we have one odd special case: ptrace_may_access() uses 'dumpable' to
check various other things entirely independently of the MM (typically
explicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for
threads that no longer have a VM (and maybe never did, like most kernel
threads).
It's not what this flag was designed for, but it is what it is.
The ptrace code does check that the uid/gid matches, so you do have to
be uid-0 to see kernel thread details, but this means that the
traditional "drop capabilities" model doesn't make any difference for
this all.
Make it all make a *bit* more sense by saying that if you don't have a
MM pointer, we'll use a cached "last dumpability" flag if the thread
ever had a MM (it will be zero for kernel threads since it is never
set), and require a proper CAP_SYS_PTRACE capability to override.
Severity ?
7.1 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6
(git)
Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 15b828a46f305ae9f05a7c16914b3ce273474205 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 4709234fd1b95136ceb789f639b1e7ea5de1b181 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 8f907d345bae8f4b3f004c5abc56bf2dfb851ea7 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 2a93a4fac7b6051d3be7cd1b015fe7320cd0404d (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 01363cb3fbd0238ffdeb09f53e9039c9edf8a730 (git) Affected: bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 , < 31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a (git) Affected: d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12 (git) Affected: 03eed7afbc09e061f66b448daf7863174c3dc3f3 (git) Affected: e45692fa1aea06676449b63ef3c2b6e1e72b7578 (git) Affected: 694a95fa6dae4991f16cda333d897ea063021fed (git) Affected: 3.16.52 , < 3.17 (semver) Affected: 4.4.40 , < 4.5 (semver) Affected: 4.8.16 , < 4.9 (semver) Affected: 4.9.1 , < 4.10 (semver) |
|
| Linux | Linux |
Affected:
4.10
Unaffected: 0 , < 4.10 (semver) Unaffected: 5.10.256 , ≤ 5.10.* (semver) Unaffected: 5.15.207 , ≤ 5.15.* (semver) Unaffected: 6.1.173 , ≤ 6.1.* (semver) Unaffected: 6.6.139 , ≤ 6.6.* (semver) Unaffected: 6.12.89 , ≤ 6.12.* (semver) Unaffected: 6.18.31 , ≤ 6.18.* (semver) Unaffected: 7.0.8 , ≤ 7.0.* (semver) Unaffected: 7.1-rc4 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-20T18:47:13.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/15/9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00032.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00035.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/14"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/20/16"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46333",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T03:55:24.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/sched.h",
"kernel/exit.c",
"kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "15b828a46f305ae9f05a7c16914b3ce273474205",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "4709234fd1b95136ceb789f639b1e7ea5de1b181",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "8f907d345bae8f4b3f004c5abc56bf2dfb851ea7",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "2a93a4fac7b6051d3be7cd1b015fe7320cd0404d",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "01363cb3fbd0238ffdeb09f53e9039c9edf8a730",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"lessThan": "31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a",
"status": "affected",
"version": "bfedb589252c01fa505ac9f6f2a3d5d68d707ef4",
"versionType": "git"
},
{
"status": "affected",
"version": "d5b3e840dbf6dd2c0f30b5982b6f5ecd49e46b12",
"versionType": "git"
},
{
"status": "affected",
"version": "03eed7afbc09e061f66b448daf7863174c3dc3f3",
"versionType": "git"
},
{
"status": "affected",
"version": "e45692fa1aea06676449b63ef3c2b6e1e72b7578",
"versionType": "git"
},
{
"status": "affected",
"version": "694a95fa6dae4991f16cda333d897ea063021fed",
"versionType": "git"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.52",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.40",
"versionType": "semver"
},
{
"lessThan": "4.9",
"status": "affected",
"version": "4.8.16",
"versionType": "semver"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.1",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/sched.h",
"kernel/exit.c",
"kernel/ptrace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.256",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.207",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.173",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.89",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.31",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1-rc4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.256",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.207",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.173",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.139",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.89",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.31",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.8",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1-rc4",
"versionStartIncluding": "4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.8.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:07:12.401Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/93d4ba49d18e3d7fb41a9927c2d0cca5e9dfefd6"
},
{
"url": "https://git.kernel.org/stable/c/15b828a46f305ae9f05a7c16914b3ce273474205"
},
{
"url": "https://git.kernel.org/stable/c/4709234fd1b95136ceb789f639b1e7ea5de1b181"
},
{
"url": "https://git.kernel.org/stable/c/8f907d345bae8f4b3f004c5abc56bf2dfb851ea7"
},
{
"url": "https://git.kernel.org/stable/c/6e5b51e74a40d377bcd3081dd33fbaa0e1aa7e3d"
},
{
"url": "https://git.kernel.org/stable/c/2a93a4fac7b6051d3be7cd1b015fe7320cd0404d"
},
{
"url": "https://git.kernel.org/stable/c/01363cb3fbd0238ffdeb09f53e9039c9edf8a730"
},
{
"url": "https://git.kernel.org/stable/c/31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a"
}
],
"title": "ptrace: slightly saner \u0027get_dumpable()\u0027 logic",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-46333",
"datePublished": "2026-05-15T12:58:44.599Z",
"dateReserved": "2026-05-13T15:03:33.113Z",
"dateUpdated": "2026-05-23T16:07:12.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46483 (GCVE-0-2026-46483)
Vulnerability from cvelistv5 – Published: 2026-05-15 14:57 – Updated: 2026-05-15 15:57
VLAI?
EPSS
Title
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Summary
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in
runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user's context. This vulnerability is fixed in 9.2.0479.
Severity ?
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/vim/vim/security/advisories/GH… | x_refsource_CONFIRM |
| https://github.com/vim/vim/commit/3fb5e58fbc63d86… | x_refsource_MISC |
| https://github.com/vim/vim/releases/tag/v9.2.0479 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T15:56:10.744324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T15:57:39.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vim",
"vendor": "vim",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.479"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in\nruntime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(tartail) without the {special} flag, allowing a crafted archive filename to trigger Vim cmdline-special expansion and execute shell commands in the user\u0027s context. This vulnerability is fixed in 9.2.0479."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T14:57:31.872Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w"
},
{
"name": "https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1"
},
{
"name": "https://github.com/vim/vim/releases/tag/v9.2.0479",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vim/vim/releases/tag/v9.2.0479"
}
],
"source": {
"advisory": "GHSA-2fpv-9ff7-xg5w",
"discovery": "UNKNOWN"
},
"title": "Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46483",
"datePublished": "2026-05-15T14:57:31.872Z",
"dateReserved": "2026-05-14T18:06:06.810Z",
"dateUpdated": "2026-05-15T15:57:39.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…