CVE-2026-9106 (GCVE-0-2026-9106)

Vulnerability from cvelistv5 – Published: 2026-06-30 20:21 – Updated: 2026-07-01 15:37
VLAI
Title
UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen
Summary
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
Impacted products
Vendor Product Version
GitHub Enterprise Server Affected: 3.17.0 , ≤ 3.17.16 (semver)
Affected: 3.18.0 , ≤ 3.18.10 (semver)
Affected: 3.19.0 , ≤ 3.19.7 (semver)
Affected: 3.20.0 , ≤ 3.20.3 (semver)
Affected: 3.21.0 , ≤ 3.21.1 (semver)
Affected: 3.16.0 , ≤ 3.16.19 (semver)
Create a notification for this product.
Credits
VAIBHAV SINGH (@vaib25vicky)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9106",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:37:19.373936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:37:28.521Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Enterprise Server",
          "vendor": "GitHub",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.17.17",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.17.16",
              "status": "affected",
              "version": "3.17.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.18.11",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.18.10",
              "status": "affected",
              "version": "3.18.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.19.8",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.19.7",
              "status": "affected",
              "version": "3.19.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.20.4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.20.3",
              "status": "affected",
              "version": "3.20.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.21.2",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.21.1",
              "status": "affected",
              "version": "3.21.0",
              "versionType": "semver"
            },
            {
              "changes": [
                {
                  "at": "3.16.20",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.16.19",
              "status": "affected",
              "version": "3.16.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "VAIBHAV SINGH (@vaib25vicky)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the \u003ccode\u003emanage_runners:org\u003c/code\u003e scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was  fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was  fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-173",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-173 Action Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-451",
              "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T13:03:08.700Z",
        "orgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
        "shortName": "GitHub_P"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "82327ea3-741d-41e4-88f8-2cf9e791e760",
    "assignerShortName": "GitHub_P",
    "cveId": "CVE-2026-9106",
    "datePublished": "2026-06-30T20:21:12.484Z",
    "dateReserved": "2026-05-20T17:12:51.109Z",
    "dateUpdated": "2026-07-01T15:37:28.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-9106",
      "date": "2026-07-01",
      "epss": "0.00293",
      "percentile": "0.21047"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-9106\",\"sourceIdentifier\":\"product-cna@github.com\",\"published\":\"2026-06-30T21:16:30.803\",\"lastModified\":\"2026-07-01T19:57:18.920\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was  fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\"}],\"affected\":[{\"source\":\"product-cna@github.com\",\"affectedData\":[{\"vendor\":\"GitHub\",\"product\":\"Enterprise Server\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"3.17.0\",\"lessThanOrEqual\":\"3.17.16\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.17.17\",\"status\":\"unaffected\"}]},{\"version\":\"3.18.0\",\"lessThanOrEqual\":\"3.18.10\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.18.11\",\"status\":\"unaffected\"}]},{\"version\":\"3.19.0\",\"lessThanOrEqual\":\"3.19.7\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.19.8\",\"status\":\"unaffected\"}]},{\"version\":\"3.20.0\",\"lessThanOrEqual\":\"3.20.3\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.20.4\",\"status\":\"unaffected\"}]},{\"version\":\"3.21.0\",\"lessThanOrEqual\":\"3.21.1\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.21.2\",\"status\":\"unaffected\"}]},{\"version\":\"3.16.0\",\"lessThanOrEqual\":\"3.16.19\",\"versionType\":\"semver\",\"status\":\"affected\",\"changes\":[{\"at\":\"3.16.20\",\"status\":\"unaffected\"}]}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-01T15:37:19.373936Z\",\"id\":\"CVE-2026-9106\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"product-cna@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]}],\"references\":[{\"url\":\"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4\",\"source\":\"product-cna@github.com\"},{\"url\":\"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2\",\"source\":\"product-cna@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9106\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-01T15:37:19.373936Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-01T15:37:23.482Z\"}}], \"cna\": {\"title\": \"UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"VAIBHAV SINGH (@vaib25vicky)\"}], \"impacts\": [{\"capecId\": \"CAPEC-173\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-173 Action Spoofing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 4.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"GitHub\", \"product\": \"Enterprise Server\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"3.17.17\", \"status\": \"unaffected\"}], \"version\": \"3.17.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.17.16\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.18.11\", \"status\": \"unaffected\"}], \"version\": \"3.18.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.18.10\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.19.8\", \"status\": \"unaffected\"}], \"version\": \"3.19.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.19.7\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.20.4\", \"status\": \"unaffected\"}], \"version\": \"3.20.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.20.3\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.21.2\", \"status\": \"unaffected\"}], \"version\": \"3.21.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.21.1\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.16.20\", \"status\": \"unaffected\"}], \"version\": \"3.16.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"3.16.19\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://docs.github.com/en/enterprise-server@3.17/admin/release-notes#3.17.17\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.18/admin/release-notes#3.18.11\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.19/admin/release-notes#3.19.8\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.20/admin/release-notes#3.20.4\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.21/admin/release-notes#3.21.2\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://docs.github.com/en/enterprise-server@3.16/admin/release-notes#3.16.20\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the manage_runners:org scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was  fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization\u0027s runner management. An attacker could exploit this by creating an OAuth application requesting the \u003ccode\u003emanage_runners:org\u003c/code\u003e scope and directing a victim user to authorize it, as the scope was not displayed on the authorization consent screen. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.22 and was  fixed in versions 3.21.2, 3.20.4, 3.19.8, 3.18.11, 3.17.17, 3.16.20. This vulnerability was reported via the GitHub Bug Bounty program.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-451\", \"description\": \"CWE-451: User Interface (UI) Misrepresentation of Critical Information\"}]}], \"providerMetadata\": {\"orgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"shortName\": \"GitHub_P\", \"dateUpdated\": \"2026-07-01T13:03:08.700Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-9106\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-01T15:37:28.521Z\", \"dateReserved\": \"2026-05-20T17:12:51.109Z\", \"assignerOrgId\": \"82327ea3-741d-41e4-88f8-2cf9e791e760\", \"datePublished\": \"2026-06-30T20:21:12.484Z\", \"assignerShortName\": \"GitHub_P\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…