CVE-2026-24889 (GCVE-0-2026-24889)

Vulnerability from cvelistv5 – Published: 2026-01-28 22:01 – Updated: 2026-01-29 18:00
VLAI?
Title
soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64
Summary
soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE
  • CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
Vendor Product Version
stellar rs-soroban-sdk Affected: < 22.0.9
Affected: >= 23.0.0, < 23.5.1
Affected: >= 25.0.0, < 25.0.2
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-24889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-29T16:01:43.687365Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-29T18:00:47.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rs-soroban-sdk",
          "vendor": "stellar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 22.0.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 23.0.0, \u003c 23.5.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 25.0.0, \u003c 25.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-28T22:01:00.374Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/pull/1703",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/pull/1703"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1"
        },
        {
          "name": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2"
        }
      ],
      "source": {
        "advisory": "GHSA-96xm-fv9w-pf3f",
        "discovery": "UNKNOWN"
      },
      "title": "soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-24889",
    "datePublished": "2026-01-28T22:01:00.374Z",
    "dateReserved": "2026-01-27T19:35:20.528Z",
    "dateUpdated": "2026-01-29T18:00:47.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-24889\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-28T22:15:56.700\",\"lastModified\":\"2026-03-02T18:28:26.323\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow.\"},{\"lang\":\"es\",\"value\":\"`soroban-sdk` es un SDK de Rust para contratos Soroban. El desbordamiento aritm\u00e9tico puede activarse en los m\u00e9todos `Bytes::slice`, `Vec::slice` y `Prng::gen_range` (para `u64`) en el `soroban-sdk` en versiones hasta la `25.0.1`, `23.5.1` y `25.0.2` inclusive. Los contratos que pasan l\u00edmites de rango controlados por el usuario o calculados a `Bytes::slice`, `Vec::slice` o `Prng::gen_range` pueden operar silenciosamente en rangos de datos incorrectos o generar n\u00fameros aleatorios de un rango no deseado, lo que podr\u00eda resultar en un estado de contrato corrupto. Tenga en cuenta que la mejor pr\u00e1ctica al usar el `soroban-sdk` y construir contratos Soroban es habilitar siempre `overflow-checks = true`. La herramienta `stellar contract init` que prepara el c\u00f3digo base para un contrato Soroban, as\u00ed como todos los ejemplos y la documentaci\u00f3n, fomentan el uso de configurar `overflow-checks = true` en perfiles de `release` para que estas operaciones aritm\u00e9ticas fallen en lugar de envolverse silenciosamente. Los contratos solo se ven afectados si usan `overflow-checks = false` ya sea expl\u00edcita o impl\u00edcitamente. Se anticipa que la mayor\u00eda de los contratos no se ver\u00edan afectados porque la mejor pr\u00e1ctica fomentada por las herramientas es habilitar `overflow-checks`. La correcci\u00f3n disponible en `25.0.1`, `23.5.1` y `25.0.2` reemplaza la aritm\u00e9tica b\u00e1sica con `checked_add` / `checked_sub`, asegurando que los desbordamientos se intercepten independientemente de la configuraci\u00f3n del perfil `overflow-checks`. Como soluci\u00f3n alternativa, los espacios de trabajo de contratos pueden configurarse con un perfil disponible en el Aviso de Seguridad de GitHub para habilitar las comprobaciones de desbordamiento en las operaciones aritm\u00e9ticas. Esta es la mejor pr\u00e1ctica al desarrollar contratos Soroban, y el valor predeterminado si se utiliza el c\u00f3digo base del contrato generado con `stellar contract init`. Alternativamente, los contratos pueden validar los l\u00edmites de rango antes de pasarlos a `slice` o `gen_range` para asegurar que las conversiones no puedan desbordarse.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stellar:rs-soroban-sdk:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"22.0.9\",\"matchCriteriaId\":\"A32F427A-2783-4BC4-8179-FA068687C74E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stellar:rs-soroban-sdk:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"23.0.0\",\"versionEndExcluding\":\"23.5.1\",\"matchCriteriaId\":\"007E2769-15DD-4508-90C5-B1FB89034D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stellar:rs-soroban-sdk:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"25.0.0\",\"versionEndExcluding\":\"25.0.2\",\"matchCriteriaId\":\"FE6977E5-17FB-4A06-BCF5-5ED52DFA5522\"}]}]}],\"references\":[{\"url\":\"https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/pull/1703\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\",\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-24889\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-29T16:01:43.687365Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-29T16:01:49.029Z\"}}], \"cna\": {\"title\": \"soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64\", \"source\": {\"advisory\": \"GHSA-96xm-fv9w-pf3f\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"stellar\", \"product\": \"rs-soroban-sdk\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 22.0.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 23.0.0, \u003c 23.5.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 25.0.0, \u003c 25.0.2\"}]}], \"references\": [{\"url\": \"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/security/advisories/GHSA-96xm-fv9w-pf3f\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/pull/1703\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/pull/1703\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/commit/3890521426d71bb4d892b21f5a283a1e836cfa38\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/commit/59fcef437260ed4da42d1efb357137a5c166c02e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/commit/c2757c6d774dbb28b34a0b77ffe282e59f0f8462\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/releases/tag/v22.0.9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/releases/tag/v23.5.1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2\", \"name\": \"https://github.com/stellar/rs-soroban-sdk/releases/tag/v25.0.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass user-controlled or computed range bounds to `Bytes::slice`, `Vec::slice`, or `Prng::gen_range` may silently operate on incorrect data ranges or generate random numbers from an unintended range, potentially resulting in corrupted contract state. Note that the best practice when using the `soroban-sdk` and building Soroban contracts is to always enable `overflow-checks = true`. The `stellar contract init` tool that prepares the boiler plate for a Soroban contract, as well as all examples and docs, encourage the use of configuring `overflow-checks = true` on `release` profiles so that these arithmetic operations fail rather than silently wrap. Contracts are only impacted if they use `overflow-checks = false` either explicitly or implicitly. It is anticipated the majority of contracts could not be impacted because the best practice encouraged by tooling is to enable `overflow-checks`. The fix available in `25.0.1`, `23.5.1`, and `25.0.2` replaces bare arithmetic with `checked_add` / `checked_sub`, ensuring overflow traps regardless of the `overflow-checks` profile setting. As a workaround, contract workspaces can be configured with a profile available in the GitHub Securtity Advisory to enable overflow checks on the arithmetic operations. This is the best practice when developing Soroban contracts, and the default if using the contract boilerplate generated using `stellar contract init`. Alternatively, contracts can validate range bounds before passing them to `slice` or `gen_range` to ensure the conversions cannot overflow.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-28T22:01:00.374Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-24889\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-29T18:00:47.472Z\", \"dateReserved\": \"2026-01-27T19:35:20.528Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-28T22:01:00.374Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.