{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used."
    }
  ],
  "id": "CVE-2026-33750",
  "lastModified": "2026-03-30T13:26:29.793",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-27T15:16:57.297",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/issues/98"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/pull/95"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/pull/96"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/pull/97"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-33750.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
    "tracking": {
      "current_release_date": "2026-04-02T01:39:52.000Z",
      "generator": {
        "date": "2026-04-02T07:12:24.031Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-33750",
      "initial_release_date": "2026-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-31T01:02:19.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-03-31T15:05:32.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        },
        {
          "date": "2026-04-01T01:57:59.000Z",
          "legacy_version": "3",
          "number": "3",
          "summary": "Information published."
        },
        {
          "date": "2026-04-02T01:39:52.000Z",
          "legacy_version": "4",
          "number": "4",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "azl3 python-tensorboard 2.16.2-6",
                "product": {
                  "name": "azl3 python-tensorboard 2.16.2-6",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version_range",
                "name": "cbl2 python-tensorboard 2.11.0-3",
                "product": {
                  "name": "cbl2 python-tensorboard 2.11.0-3",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "python-tensorboard"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 nodejs18 18.20.3-11",
                "product": {
                  "name": "\u003ccbl2 nodejs18 18.20.3-11",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 nodejs18 18.20.3-11",
                "product": {
                  "name": "cbl2 nodejs18 18.20.3-11",
                  "product_id": "20894"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 nodejs18 18.20.3-12",
                "product": {
                  "name": "\u003ccbl2 nodejs18 18.20.3-12",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 nodejs18 18.20.3-12",
                "product": {
                  "name": "cbl2 nodejs18 18.20.3-12",
                  "product_id": "21130"
                }
              }
            ],
            "category": "product_name",
            "name": "nodejs18"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 reaper 3.1.1-22",
                "product": {
                  "name": "cbl2 reaper 3.1.1-22",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "reaper"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
          "product_id": "17084-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 nodejs18 18.20.3-11 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 nodejs18 18.20.3-11 as a component of CBL Mariner 2.0",
          "product_id": "20894-17086"
        },
        "product_reference": "20894",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 reaper 3.1.1-22 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 nodejs18 18.20.3-12 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 nodejs18 18.20.3-12 as a component of CBL Mariner 2.0",
          "product_id": "21130-17086"
        },
        "product_reference": "21130",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33750",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "general",
          "text": "GitHub_M",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20894-17086",
          "21130-17086"
        ],
        "known_affected": [
          "17084-5",
          "17086-2",
          "17086-4",
          "17086-3",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-33750.json"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-03-31T01:02:19.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17084-5"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-31T01:02:19.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-4"
          ]
        },
        {
          "category": "none_available",
          "date": "2026-03-31T01:02:19.000Z",
          "details": "There is no fix available for this vulnerability as of now",
          "product_ids": [
            "17086-3"
          ]
        },
        {
          "category": "vendor_fix",
          "date": "2026-03-31T01:02:19.000Z",
          "details": "18.20.3-12:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-2",
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-5",
            "17086-2",
            "17086-4",
            "17086-3",
            "17086-1"
          ]
        }
      ],
      "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"
    }
  ]
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "brace-expansion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "5.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "brace-expansion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "brace-expansion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "brace-expansion"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-26T18:29:42Z",
    "nvd_published_at": "2026-03-27T15:16:57Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory.\n\nThe loop in question:\n\nhttps://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184\n\n`test()` is one of\n\nhttps://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113\n\nThe increment is computed as `Math.abs(0) = 0`, so the loop variable never advances. On a test machine, the process hangs for about 3.5 seconds and allocates roughly 1.9 GB of memory before throwing a `RangeError`. Setting max to any value has no effect because the limit is only checked at the output combination step, not during sequence generation.\n\nThis affects any application that passes untrusted strings to expand(), or by error sets a step value of `0`. That includes tools built on minimatch/glob that resolve patterns from CLI arguments or config files. The input needed is just 10 bytes.\n\n### Patches\n\n\nUpgrade to versions\n- 5.0.5+\n\nA step increment of 0 is now sanitized to 1, which matches bash behavior.\n\n### Workarounds\n\nSanitize strings passed to `expand()` to ensure a step value of `0` is not used.",
  "id": "GHSA-f886-m6hf-6m8v",
  "modified": "2026-03-27T21:38:55Z",
  "published": "2026-03-26T18:29:42Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33750"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/issues/98"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/pull/95"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/pull/96"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/pull/97"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/juliangruber/brace-expansion"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113"
    },
    {
      "type": "WEB",
      "url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 nodejs18 18.20.3-12 versions ant\u00e9rieures \u00e0 18.20.3-12",
      "product": {
        "name": "CBL Mariner",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 telegraf 1.31.0-17 versions ant\u00e9rieures \u00e0 1.31.0-17",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 ocaml 4.13.1-3 versions ant\u00e9rieures \u00e0 4.13.1-3",
      "product": {
        "name": "CBL Mariner",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 ocaml 5.1.1-2 versions ant\u00e9rieures \u00e0 5.1.1-2",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 flannel 0.24.2-26 versions ant\u00e9rieures \u00e0 0.24.2-26",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 trident 0.21.0-1 versions ant\u00e9rieures \u00e0 0.22.0-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 bind 9.20.18-1 versions ant\u00e9rieures \u00e0 9.20.21-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 systemd-bootstrap 250.3-14 versions ant\u00e9rieures \u00e0 250.3-14",
      "product": {
        "name": "CBL Mariner",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 telegraf 1.29.4-22 versions ant\u00e9rieures \u00e0 1.29.4-22",
      "product": {
        "name": "CBL Mariner",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libssh 0.10.6-6 versions ant\u00e9rieures \u00e0 0.10.6-6",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-33542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33542"
    },
    {
      "name": "CVE-2026-29111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29111"
    },
    {
      "name": "CVE-2026-34353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34353"
    },
    {
      "name": "CVE-2026-0966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0966"
    },
    {
      "name": "CVE-2026-3119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3119"
    },
    {
      "name": "CVE-2026-33750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
    },
    {
      "name": "CVE-2026-33055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
    },
    {
      "name": "CVE-2026-0964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0964"
    },
    {
      "name": "CVE-2026-3104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3104"
    },
    {
      "name": "CVE-2026-33056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
    },
    {
      "name": "CVE-2026-32241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32241"
    },
    {
      "name": "CVE-2026-0965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
    },
    {
      "name": "CVE-2026-1519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
    },
    {
      "name": "CVE-2026-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
    },
    {
      "name": "CVE-2026-3591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3591"
    }
  ],
  "initial_release_date": "2026-04-01T00:00:00",
  "last_revision_date": "2026-04-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0386",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2026-03-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33056",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33056"
    },
    {
      "published_at": "2026-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-29111",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29111"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-0964",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0964"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-34353",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34353"
    },
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-3591",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3591"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-0966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0966"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-0967",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0967"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33750",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33750"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-0965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0965"
    },
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33542",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33542"
    },
    {
      "published_at": "2026-03-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-33055",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33055"
    },
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-1519",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-1519"
    },
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-3119",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3119"
    },
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-3104",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3104"
    },
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32241",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32241"
    }
  ]
}