Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25547 (GCVE-0-2026-25547)
Vulnerability from cvelistv5 – Published: 2026-02-04 21:51 – Updated: 2026-02-05 14:31
VLAI
EPSS
Title
Uncontrolled Resource Consumption in @isaacs/brace-expansion
Summary
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
Severity
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/isaacs/brace-expansion/securit… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| isaacs | brace-expansion |
Affected:
< 5.0.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T14:24:50.676205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T14:31:38.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "brace-expansion",
"vendor": "isaacs",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:51:17.198Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2"
}
],
"source": {
"advisory": "GHSA-7h2j-956f-4vf2",
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Resource Consumption in @isaacs/brace-expansion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25547",
"datePublished": "2026-02-04T21:51:17.198Z",
"dateReserved": "2026-02-02T19:59:47.376Z",
"dateUpdated": "2026-02-05T14:31:38.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-25547",
"date": "2026-05-25",
"epss": "0.0002",
"percentile": "0.05898"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25547\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-04T22:16:00.813\",\"lastModified\":\"2026-02-05T14:57:20.563\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.2,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25547\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-05T14:24:50.676205Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-05T14:24:51.376Z\"}}], \"cna\": {\"title\": \"Uncontrolled Resource Consumption in @isaacs/brace-expansion\", \"source\": {\"advisory\": \"GHSA-7h2j-956f-4vf2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"isaacs\", \"product\": \"brace-expansion\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.0.1\"}]}], \"references\": [{\"url\": \"https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2\", \"name\": \"https://github.com/isaacs/brace-expansion/security/advisories/GHSA-7h2j-956f-4vf2\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1333\", \"description\": \"CWE-1333: Inefficient Regular Expression Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-04T21:51:17.198Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25547\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-05T14:31:38.349Z\", \"dateReserved\": \"2026-02-02T19:59:47.376Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-04T21:51:17.198Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:21245-1
Vulnerability from csaf_suse - Published: 2026-04-20 13:04 - Updated: 2026-04-20 13:04Summary
Security update for cockpit-tukit
Severity
Important
Notes
Title of the patch: Security update for cockpit-tukit
Description of the patch: This update for cockpit-tukit fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
Patchnames: SUSE-SLE-Micro-6.0-673
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cockpit-tukit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cockpit-tukit fixes the following issues:\n\n- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash\n a Node.js process (bsc#1257836).\n- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character\n that doesn\u0027t appear in the test string can lead to ReDoS (bsc#1258641).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-673",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21245-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21245-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621245-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21245-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045906.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257836",
"url": "https://bugzilla.suse.com/1257836"
},
{
"category": "self",
"summary": "SUSE Bug 1258641",
"url": "https://bugzilla.suse.com/1258641"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
}
],
"title": "Security update for cockpit-tukit",
"tracking": {
"current_release_date": "2026-04-20T13:04:05Z",
"generator": {
"date": "2026-04-20T13:04:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21245-1",
"initial_release_date": "2026-04-20T13:04:05Z",
"revision_history": [
{
"date": "2026-04-20T13:04:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch",
"product": {
"name": "cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch",
"product_id": "cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
},
"product_reference": "cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T13:04:05Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:cockpit-tukit-0.1.2~git0.647b3e3-2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T13:04:05Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
}
]
}
SUSE-SU-2026:21246-1
Vulnerability from csaf_suse - Published: 2026-04-20 13:04 - Updated: 2026-04-20 13:04Summary
Security update for cockpit-machines
Severity
Important
Notes
Title of the patch: Security update for cockpit-machines
Description of the patch: This update for cockpit-machines fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
Patchnames: SUSE-SLE-Micro-6.0-670
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cockpit-machines",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cockpit-machines fixes the following issues:\n \n- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash\n a Node.js process (bsc#1257836).\n- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character\n that doesn\u0027t appear in the test string can lead to ReDoS (bsc#1258641).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-670",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21246-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21246-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621246-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21246-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045905.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257836",
"url": "https://bugzilla.suse.com/1257836"
},
{
"category": "self",
"summary": "SUSE Bug 1258641",
"url": "https://bugzilla.suse.com/1258641"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
}
],
"title": "Security update for cockpit-machines",
"tracking": {
"current_release_date": "2026-04-20T13:04:39Z",
"generator": {
"date": "2026-04-20T13:04:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21246-1",
"initial_release_date": "2026-04-20T13:04:39Z",
"revision_history": [
{
"date": "2026-04-20T13:04:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cockpit-machines-305-4.1.noarch",
"product": {
"name": "cockpit-machines-305-4.1.noarch",
"product_id": "cockpit-machines-305-4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-machines-305-4.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
},
"product_reference": "cockpit-machines-305-4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T13:04:39Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:cockpit-machines-305-4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T13:04:39Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
}
]
}
SUSE-SU-2026:21253-1
Vulnerability from csaf_suse - Published: 2026-04-16 13:27 - Updated: 2026-04-16 13:27Summary
Security update for cockpit-machines
Severity
Important
Notes
Title of the patch: Security update for cockpit-machines
Description of the patch: This update for cockpit-machines fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
Patchnames: SUSE-SLE-Micro-6.1-489
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cockpit-machines",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cockpit-machines fixes the following issues:\n\n- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash\n a Node.js process (bsc#1257836).\n- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character\n that doesn\u0027t appear in the test string can lead to ReDoS (bsc#1258641).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-489",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21253-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21253-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621253-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21253-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045898.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257836",
"url": "https://bugzilla.suse.com/1257836"
},
{
"category": "self",
"summary": "SUSE Bug 1258641",
"url": "https://bugzilla.suse.com/1258641"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
}
],
"title": "Security update for cockpit-machines",
"tracking": {
"current_release_date": "2026-04-16T13:27:41Z",
"generator": {
"date": "2026-04-16T13:27:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21253-1",
"initial_release_date": "2026-04-16T13:27:41Z",
"revision_history": [
{
"date": "2026-04-16T13:27:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cockpit-machines-316-slfo.1.1_3.1.noarch",
"product": {
"name": "cockpit-machines-316-slfo.1.1_3.1.noarch",
"product_id": "cockpit-machines-316-slfo.1.1_3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-machines-316-slfo.1.1_3.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
},
"product_reference": "cockpit-machines-316-slfo.1.1_3.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-16T13:27:41Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:cockpit-machines-316-slfo.1.1_3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-16T13:27:41Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
}
]
}
SUSE-SU-2026:21256-1
Vulnerability from csaf_suse - Published: 2026-04-17 20:05 - Updated: 2026-04-17 20:05Summary
Security update for cockpit-podman
Severity
Important
Notes
Title of the patch: Security update for cockpit-podman
Description of the patch: This update for cockpit-podman fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
Patchnames: SUSE-SLE-Micro-6.1-492
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cockpit-podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cockpit-podman fixes the following issues:\n\n- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash\n a Node.js process (bsc#1257836).\n- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character\n that doesn\u0027t appear in the test string can lead to ReDoS (bsc#1258641).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-492",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21256-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21256-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621256-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21256-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045895.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257836",
"url": "https://bugzilla.suse.com/1257836"
},
{
"category": "self",
"summary": "SUSE Bug 1258641",
"url": "https://bugzilla.suse.com/1258641"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
}
],
"title": "Security update for cockpit-podman",
"tracking": {
"current_release_date": "2026-04-17T20:05:30Z",
"generator": {
"date": "2026-04-17T20:05:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21256-1",
"initial_release_date": "2026-04-17T20:05:30Z",
"revision_history": [
{
"date": "2026-04-17T20:05:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cockpit-podman-91-slfo.1.1_4.1.noarch",
"product": {
"name": "cockpit-podman-91-slfo.1.1_4.1.noarch",
"product_id": "cockpit-podman-91-slfo.1.1_4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-podman-91-slfo.1.1_4.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
},
"product_reference": "cockpit-podman-91-slfo.1.1_4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T20:05:30Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:cockpit-podman-91-slfo.1.1_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T20:05:30Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
}
]
}
SUSE-SU-2026:21321-1
Vulnerability from csaf_suse - Published: 2026-04-22 13:00 - Updated: 2026-04-22 13:00Summary
Security update for cockpit-podman
Severity
Important
Notes
Title of the patch: Security update for cockpit-podman
Description of the patch: This update for cockpit-podman fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash
a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character
that doesn't appear in the test string can lead to ReDoS (bsc#1258641).
Patchnames: SUSE-SLE-Micro-6.0-685
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cockpit-podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cockpit-podman fixes the following issues:\n\n- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive resource consumption and crash\n a Node.js process (bsc#1257836).\n- CVE-2026-26996: minimatch: processing of glob pattern containing repeated wildcards followed by a literal character\n that doesn\u0027t appear in the test string can lead to ReDoS (bsc#1258641).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-685",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21321-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21321-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621321-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21321-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045996.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257836",
"url": "https://bugzilla.suse.com/1257836"
},
{
"category": "self",
"summary": "SUSE Bug 1258641",
"url": "https://bugzilla.suse.com/1258641"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
}
],
"title": "Security update for cockpit-podman",
"tracking": {
"current_release_date": "2026-04-22T13:00:02Z",
"generator": {
"date": "2026-04-22T13:00:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21321-1",
"initial_release_date": "2026-04-22T13:00:02Z",
"revision_history": [
{
"date": "2026-04-22T13:00:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cockpit-podman-83-3.1.noarch",
"product": {
"name": "cockpit-podman-83-3.1.noarch",
"product_id": "cockpit-podman-83-3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-podman-83-3.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
},
"product_reference": "cockpit-podman-83-3.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-22T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:cockpit-podman-83-3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-22T13:00:02Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
}
]
}
WID-SEC-W-2026-0526
Vulnerability from csaf_certbund - Published: 2026-02-25 23:00 - Updated: 2026-03-03 23:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Daten zu manipulieren, und um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.23
IBM / App Connect Enterprise
|
<12.0.12.23 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.0.6.2
IBM / App Connect Enterprise
|
<13.0.6.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.23
IBM / App Connect Enterprise
|
<12.0.12.23 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.0.6.2
IBM / App Connect Enterprise
|
<13.0.6.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.23
IBM / App Connect Enterprise
|
<12.0.12.23 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.0.6.2
IBM / App Connect Enterprise
|
<13.0.6.2 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise <12.0.12.23
IBM / App Connect Enterprise
|
<12.0.12.23 | ||
|
IBM App Connect Enterprise
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM App Connect Enterprise <13.0.6.2
IBM / App Connect Enterprise
|
<13.0.6.2 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Daten zu manipulieren, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0526 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0526.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0526 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0526"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261765 vom 2026-02-25",
"url": "https://www.ibm.com/support/pages/node/7261765"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262274 vom 2026-03-02",
"url": "https://www.ibm.com/support/pages/node/7262274"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262442 vom 2026-03-03",
"url": "https://www.ibm.com/support/pages/node/7262442"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-03T23:00:00.000+00:00",
"generator": {
"date": "2026-03-04T10:42:21.256+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0526",
"initial_release_date": "2026-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-02T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.6.2",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.6.2",
"product_id": "T051233"
}
},
{
"category": "product_version",
"name": "13.0.6.2",
"product": {
"name": "IBM App Connect Enterprise 13.0.6.2",
"product_id": "T051233-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.6.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.23",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.23",
"product_id": "T051234"
}
},
{
"category": "product_version",
"name": "12.0.12.23",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.23",
"product_id": "T051234-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.23"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2026-24001",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-24001"
},
{
"cve": "CVE-2026-25128",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-25128"
},
{
"cve": "CVE-2026-25547",
"product_status": {
"known_affected": [
"T051234",
"T032495",
"T051233"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2026-25547"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…