Vulnerability-Lookup

WID-SEC-W-2026-0935

Vulnerability from csaf_certbund - Published: 2026-03-31 22:00 - Updated: 2026-05-04 22:00

Summary

Red Hat Ansible Automation Platform: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform für die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX

CVE-2025-69223

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2025-69873

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-25639

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-25990

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-29074

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-30827

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-30922

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-26007

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-1615

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-28498

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2026-28802

Affected products

Known affected 7 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IBM App Connect Enterprise IBM	`cpe:/a:ibm:app_connect_enterprise:-`	—
Red Hat Ansible Automation Platform <2.5 Red Hat / Ansible Automation Platform		<2.5
Red Hat Ansible Automation Platform <2.6 Red Hat / Ansible Automation Platform		<2.6
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

24 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2026:6308	external
https://access.redhat.com/errata/RHSA-2026:6309	external
https://access.redhat.com/errata/RHSA-2026:6404	external
https://access.redhat.com/errata/RHSA-2026:6278	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3215.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:5910	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:8218	external
https://www.ibm.com/support/pages/node/7269544	external
https://access.redhat.com/errata/RHSA-2026:8490	external
https://access.redhat.com/errata/RHSA-2026:8437	external
https://access.redhat.com/errata/RHSA-2026:10184	external
https://access.redhat.com/errata/RHSA-2026:10093	external
https://access.redhat.com/errata/RHSA-2026:12176	external
https://access.redhat.com/errata/RHSA-2026:11916	external
https://access.redhat.com/errata/RHSA-2026:11856	external
http://linux.oracle.com/errata/ELSA-2026-12176.html	external
https://access.redhat.com/errata/RHSA-2026:13553	external
https://access.redhat.com/errata/RHSA-2026:13508	external
https://access.redhat.com/errata/RHSA-2026:13512	external
https://access.redhat.com/errata/RHSA-2026:13545	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Ansible Automation Platform ist eine End-to-End-Automatisierungsplattform f\u00fcr die Systemkonfiguration, die Softwarebereitstellung und die Orchestrierung erweiterter Workflows.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Ansible Automation Platform ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0935 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0935.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0935 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0935"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2026-03-31",
        "url": "https://access.redhat.com/errata/RHSA-2026:6308"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory vom 2026-03-31",
        "url": "https://access.redhat.com/errata/RHSA-2026:6309"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:6404 vom 2026-04-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:6404"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:6278 vom 2026-04-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:6278"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3215 vom 2026-04-01",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3215.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20929-1 vom 2026-04-01",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025088.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:5910 vom 2026-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:5910"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21021-1 vom 2026-04-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025209.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8218 vom 2026-04-15",
        "url": "https://access.redhat.com/errata/RHSA-2026:8218"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7269544 vom 2026-04-15",
        "url": "https://www.ibm.com/support/pages/node/7269544"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8490 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8490"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8437 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8437"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:10184 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:10184"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:10093 vom 2026-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:10093"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12176 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12176"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11916 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:11916"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11856 vom 2026-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:11856"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-12176 vom 2026-05-01",
        "url": "http://linux.oracle.com/errata/ELSA-2026-12176.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13553 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13553"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13508 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13508"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13512 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13512"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13545 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13545"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Ansible Automation Platform: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-05T08:26:56.596+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0935",
      "initial_release_date": "2026-03-31T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-31T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat, Amazon und SUSE aufgenommen"
        },
        {
          "date": "2026-04-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-04-14T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM App Connect Enterprise",
            "product": {
              "name": "IBM App Connect Enterprise",
              "product_id": "T051349",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:app_connect_enterprise:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.5",
                "product": {
                  "name": "Red Hat Ansible Automation Platform \u003c2.5",
                  "product_id": "T052317"
                }
              },
              {
                "category": "product_version",
                "name": "2.5",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.5",
                  "product_id": "T052317-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.6",
                "product": {
                  "name": "Red Hat Ansible Automation Platform \u003c2.6",
                  "product_id": "T052318"
                }
              },
              {
                "category": "product_version",
                "name": "2.6",
                "product": {
                  "name": "Red Hat Ansible Automation Platform 2.6",
                  "product_id": "T052318-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ansible_automation_platform:2.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Ansible Automation Platform"
          },
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-69223",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2025-69223"
    },
    {
      "cve": "CVE-2025-69873",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2025-69873"
    },
    {
      "cve": "CVE-2026-25639",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-25639"
    },
    {
      "cve": "CVE-2026-25990",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-25990"
    },
    {
      "cve": "CVE-2026-29074",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-29074"
    },
    {
      "cve": "CVE-2026-30827",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-30827"
    },
    {
      "cve": "CVE-2026-30922",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-30922"
    },
    {
      "cve": "CVE-2026-26007",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-26007"
    },
    {
      "cve": "CVE-2026-1615",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-1615"
    },
    {
      "cve": "CVE-2026-28498",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-28498"
    },
    {
      "cve": "CVE-2026-28802",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T051349",
          "T052317",
          "T052318",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2026-03-31T22:00:00.000+00:00",
      "title": "CVE-2026-28802"
    }
  ]
}

CVE-2026-30922 (GCVE-0-2026-30922)

Vulnerability from cvelistv5 – Published: 2026-03-18 02:29 – Updated: 2026-05-01 16:21

Title

pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

Summary

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/pyasn1/pyasn1/security/advisor…	x_refsource_CONFIRM
https://github.com/pyasn1/pyasn1/commit/25ad481c1…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pyasn1	pyasn1	Affected: < 0.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30922",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T20:16:18.738732Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T20:17:53.102Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-01T16:21:04.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/03/20/4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pyasn1",
          "vendor": "pyasn1",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with \"Indefinite Length\" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T02:29:45.857Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
        },
        {
          "name": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
        }
      ],
      "source": {
        "advisory": "GHSA-jr27-m4p2-rc6r",
        "discovery": "UNKNOWN"
      },
      "title": "pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-30922",
    "datePublished": "2026-03-18T02:29:45.857Z",
    "dateReserved": "2026-03-07T16:40:05.884Z",
    "dateUpdated": "2026-05-01T16:21:04.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25990 (GCVE-0-2026-25990)

Vulnerability from cvelistv5 – Published: 2026-02-11 20:53 – Updated: 2026-04-30 20:15

Title

Pillow has an out-of-bounds write when loading PSD images

Summary

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.

Severity ?

8.6 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/python-pillow/Pillow/security/…	x_refsource_CONFIRM
https://github.com/python-pillow/Pillow/commit/90…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
python-pillow	Pillow	Affected: >= 10.3.0, < 12.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:21:01.646207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:30:18.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-12T04:45:38.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/12/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pillow",
          "vendor": "python-pillow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.3.0, \u003c 12.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T20:15:07.397Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
        },
        {
          "name": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
        }
      ],
      "source": {
        "advisory": "GHSA-cfh3-3jmp-rvhc",
        "discovery": "UNKNOWN"
      },
      "title": "Pillow has an out-of-bounds write when loading PSD images"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25990",
    "datePublished": "2026-02-11T20:53:52.524Z",
    "dateReserved": "2026-02-09T17:41:55.858Z",
    "dateUpdated": "2026-04-30T20:15:07.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25639 (GCVE-0-2026-25639)

Vulnerability from cvelistv5 – Published: 2026-02-09 20:11 – Updated: 2026-02-18 17:16

Title

Axios affected by Denial of Service via __proto__ Key in mergeConfig

Summary

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

GitHub_M

References

7 references

URL	Tags
https://github.com/axios/axios/security/advisorie…	x_refsource_CONFIRM
https://github.com/axios/axios/pull/7369	x_refsource_MISC
https://github.com/axios/axios/pull/7388	x_refsource_MISC
https://github.com/axios/axios/commit/28c721588c7…	x_refsource_MISC
https://github.com/axios/axios/commit/d7ff1409c68…	x_refsource_MISC
https://github.com/axios/axios/releases/tag/v0.30.3	x_refsource_MISC
https://github.com/axios/axios/releases/tag/v1.13.5	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
axios	axios	Affected: >= 1.0.0, < 1.13.5 Affected: < 0.30.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25639",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-10T15:39:46.394625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-10T15:59:44.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.13.5"
            },
            {
              "status": "affected",
              "version": "\u003c 0.30.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-18T17:16:16.391Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
        },
        {
          "name": "https://github.com/axios/axios/pull/7369",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/pull/7369"
        },
        {
          "name": "https://github.com/axios/axios/pull/7388",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/pull/7388"
        },
        {
          "name": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
        },
        {
          "name": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/d7ff1409c68168d3057fc3891f911b2b92616f9e"
        },
        {
          "name": "https://github.com/axios/axios/releases/tag/v0.30.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/releases/tag/v0.30.3"
        },
        {
          "name": "https://github.com/axios/axios/releases/tag/v1.13.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/releases/tag/v1.13.5"
        }
      ],
      "source": {
        "advisory": "GHSA-43fc-jf86-j433",
        "discovery": "UNKNOWN"
      },
      "title": "Axios affected by Denial of Service via __proto__ Key in mergeConfig"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25639",
    "datePublished": "2026-02-09T20:11:22.374Z",
    "dateReserved": "2026-02-04T05:15:41.791Z",
    "dateUpdated": "2026-02-18T17:16:16.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69223 (GCVE-0-2025-69223)

Vulnerability from cvelistv5 – Published: 2026-01-05 22:00 – Updated: 2026-01-06 19:04

Title

AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

Summary

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory. This issue is fixed in version 3.13.3.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/aio-libs/aiohttp/security/advi…	x_refsource_CONFIRM
https://github.com/aio-libs/aiohttp/commit/2b920c…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
aio-libs	aiohttp	Affected: < 3.13.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:26:17.561184Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T19:04:01.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiohttp",
          "vendor": "aio-libs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.13.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host\u0027s memory. This issue is fixed in version 3.13.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-409",
              "description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T22:00:17.715Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"
        },
        {
          "name": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"
        }
      ],
      "source": {
        "advisory": "GHSA-6mq8-rvhq-8wgg",
        "discovery": "UNKNOWN"
      },
      "title": "AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-69223",
    "datePublished": "2026-01-05T22:00:17.715Z",
    "dateReserved": "2025-12-29T20:45:58.699Z",
    "dateUpdated": "2026-01-06T19:04:01.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-29074 (GCVE-0-2026-29074)

Vulnerability from cvelistv5 – Published: 2026-03-06 07:23 – Updated: 2026-03-06 16:05

Title

SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs)

Summary

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/svg/svgo/security/advisories/G…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
svg	svgo	Affected: >= 2.1.0, < 2.8.1 Affected: >= 3.0.0, < 3.3.3 Affected: = 4.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-29074",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T15:59:57.009864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:05:10.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "svgo",
          "vendor": "svg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.8.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.3.3"
            },
            {
              "status": "affected",
              "version": "= 4.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file (811 bytes) stalling the application and even crashing the Node.js process with JavaScript heap out of memory. This issue has been patched in versions 2.8.1, 3.3.3, and 4.0.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-776",
              "description": "CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T07:23:05.716Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
        }
      ],
      "source": {
        "advisory": "GHSA-xpqw-6gx7-v673",
        "discovery": "UNKNOWN"
      },
      "title": "SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-29074",
    "datePublished": "2026-03-06T07:23:05.716Z",
    "dateReserved": "2026-03-03T20:51:43.482Z",
    "dateUpdated": "2026-03-06T16:05:10.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69873 (GCVE-0-2025-69873)

Vulnerability from cvelistv5 – Published: 2026-02-11 00:00 – Updated: 2026-03-03 17:25

Summary

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

Severity ?

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

mitre

References

6 references

URL	Tags
https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
https://github.com/EthanKim88/ethan-cve-disclosur…
https://github.com/github/advisory-database/pull/6991
https://github.com/ajv-validator/ajv/pull/2588
https://github.com/ajv-validator/ajv/releases/tag…
https://github.com/ajv-validator/ajv/pull/2590

Impacted products

1 product

Vendor	Product	Version
ajv.js	ajv	Affected: 0 , < 6.14.0 (semver) Affected: 7.0.0 , < 8.17.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-69873",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T15:13:03.482882Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T17:25:31.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ajv",
          "vendor": "ajv.js",
          "versions": [
            {
              "lessThan": "6.14.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.17.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.17.2",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-02T20:22:25.698Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
        },
        {
          "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
        },
        {
          "url": "https://github.com/github/advisory-database/pull/6991"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/pull/2588"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/pull/2590"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-69873",
    "datePublished": "2026-02-11T00:00:00.000Z",
    "dateReserved": "2026-01-09T00:00:00.000Z",
    "dateUpdated": "2026-03-03T17:25:31.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28802 (GCVE-0-2026-28802)

Vulnerability from cvelistv5 – Published: 2026-03-06 06:44 – Updated: 2026-03-06 16:05

Title

Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification

Summary

Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.

Severity ?

7.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/authlib/authlib/security/advis…	x_refsource_CONFIRM
https://github.com/authlib/authlib/commit/a61c2ac…	x_refsource_MISC
https://github.com/authlib/authlib/commit/b87c32e…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
authlib	authlib	Affected: >= 1.6.5, < 1.6.7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28802",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T16:00:04.267898Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T16:05:35.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "authlib",
          "vendor": "authlib",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.6.5, \u003c 1.6.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T06:44:26.402Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
        },
        {
          "name": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
        },
        {
          "name": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
        }
      ],
      "source": {
        "advisory": "GHSA-7wc2-qxgw-g8gg",
        "discovery": "UNKNOWN"
      },
      "title": "Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28802",
    "datePublished": "2026-03-06T06:44:26.402Z",
    "dateReserved": "2026-03-03T14:25:19.246Z",
    "dateUpdated": "2026-03-06T16:05:35.082Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-30827 (GCVE-0-2026-30827)

Vulnerability from cvelistv5 – Published: 2026-03-07 05:19 – Updated: 2026-03-09 20:44

Title

express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers)

Summary

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking (/56 by default) to all addresses that net.isIPv6() returns true for. This includes IPv4-mapped IPv6 addresses (::ffff:x.x.x.x), which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all IPv4-mapped addresses are zero, a /56 (or any /32 to /80) subnet mask produces the same network key (::/56) for every IPv4 client. This collapses all IPv4 traffic into a single rate-limit bucket: one client exhausting the limit causes HTTP 429 for all other IPv4 clients. This issue has been patched in versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/express-rate-limit/express-rat…	x_refsource_CONFIRM
https://github.com/express-rate-limit/express-rat…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
express-rate-limit	express-rate-limit	Affected: >= 8.0.0, < 8.0.2 Affected: >= 8.1.0, < 8.1.1 Affected: >= 8.2.0, < 8.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30827",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T20:40:59.712815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T20:44:25.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express-rate-limit",
          "vendor": "express-rate-limit",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 8.0.0, \u003c 8.0.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0, \u003c 8.1.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0, \u003c 8.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking (/56 by default) to all addresses that net.isIPv6() returns true for. This includes IPv4-mapped IPv6 addresses (::ffff:x.x.x.x), which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all IPv4-mapped addresses are zero, a /56 (or any /32 to /80) subnet mask produces the same network key (::/56) for every IPv4 client. This collapses all IPv4 traffic into a single rate-limit bucket: one client exhausting the limit causes HTTP 429 for all other IPv4 clients. This issue has been patched in versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-07T05:19:53.932Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/express-rate-limit/express-rate-limit/security/advisories/GHSA-46wh-pxpv-q5gq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/express-rate-limit/express-rate-limit/security/advisories/GHSA-46wh-pxpv-q5gq"
        },
        {
          "name": "https://github.com/express-rate-limit/express-rate-limit/commit/14e53888cdfd1b9798faf5b634c4206409e27fc4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/express-rate-limit/express-rate-limit/commit/14e53888cdfd1b9798faf5b634c4206409e27fc4"
        }
      ],
      "source": {
        "advisory": "GHSA-46wh-pxpv-q5gq",
        "discovery": "UNKNOWN"
      },
      "title": "express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-30827",
    "datePublished": "2026-03-07T05:19:08.206Z",
    "dateReserved": "2026-03-05T21:06:44.606Z",
    "dateUpdated": "2026-03-09T20:44:25.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-28498 (GCVE-0-2026-28498)

Vulnerability from cvelistv5 – Published: 2026-03-16 18:03 – Updated: 2026-03-16 18:14

Title

Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding

Summary

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CWE

CWE-354 - Improper Validation of Integrity Check Value
CWE-573 - Improper Following of Specification by Caller

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/authlib/authlib/security/advis…	x_refsource_CONFIRM
https://github.com/authlib/authlib/commit/b9bb2b2…	x_refsource_MISC
https://github.com/authlib/authlib/releases/tag/v1.6.9	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
authlib	authlib	Affected: < 1.6.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-28498",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-16T18:14:21.039703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-16T18:14:42.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "authlib",
          "vendor": "authlib",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a library-level vulnerability was identified in the Authlib Python library concerning the validation of OpenID Connect (OIDC) ID Tokens. Specifically, the internal hash verification logic (_verify_hash) responsible for validating the at_hash (Access Token Hash) and c_hash (Authorization Code Hash) claims exhibits a fail-open behavior when encountering an unsupported or unknown cryptographic algorithm. This flaw allows an attacker to bypass mandatory integrity protections by supplying a forged ID Token with a deliberately unrecognized alg header parameter. The library intercepts the unsupported state and silently returns True (validation passed), inherently violating fundamental cryptographic design principles and direct OIDC specifications. This issue has been patched in version 1.6.9."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354: Improper Validation of Integrity Check Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-573",
              "description": "CWE-573: Improper Following of Specification by Caller",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T18:03:28.821Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
        },
        {
          "name": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
        },
        {
          "name": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
        }
      ],
      "source": {
        "advisory": "GHSA-m344-f55w-2m6j",
        "discovery": "UNKNOWN"
      },
      "title": "Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-28498",
    "datePublished": "2026-03-16T18:03:28.821Z",
    "dateReserved": "2026-02-27T20:57:47.708Z",
    "dateUpdated": "2026-03-16T18:14:42.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1615 (GCVE-0-2026-1615)

Vulnerability from cvelistv5 – Published: 2026-02-09 05:00 – Updated: 2026-04-07 13:08

Summary

Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

CWE

CWE-94 - Arbitrary Code Injection

Assigner

snyk

References

4 references

URL	Tags
https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJAR…
https://github.com/dchester/jsonpath/blob/c1dd8ec…
https://github.com/dchester/jsonpath/commit/b6111…

Impacted products

2 products

Vendor	Product	Version
n/a	jsonpath	Affected: 0 , < 1.3.0 (semver)
n/a	org.webjars.npm:jsonpath	Affected: 0 , < * (semver)

Credits

Nick Copi

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1615",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-09T16:07:07.143690Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-09T16:07:32.556Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jsonpath",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.npm:jsonpath",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nick Copi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package jsonpath before 1.3.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
            "version": "3.1"
          },
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "PROOF_OF_CONCEPT",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Arbitrary Code Injection",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T13:08:50.705Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
        },
        {
          "url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
        },
        {
          "url": "https://github.com/dchester/jsonpath/commit/b61111f07ac1a8d0f3133b5fc51438ecb76a6c39"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2026-1615",
    "datePublished": "2026-02-09T05:00:09.050Z",
    "dateReserved": "2026-01-29T13:07:32.703Z",
    "dateUpdated": "2026-04-07T13:08:50.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26007 (GCVE-0-2026-26007)

Vulnerability from cvelistv5 – Published: 2026-02-10 21:42 – Updated: 2026-02-11 21:28

Title

cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/pyca/cryptography/security/adv…	x_refsource_CONFIRM
https://github.com/pyca/cryptography/commit/0eebb…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pyca	cryptography	Affected: < 46.0.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-10T23:14:21.776Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/02/10/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:28:38.864657Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:28:47.345Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cryptography",
          "vendor": "pyca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 46.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-10T21:42:56.471Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
        },
        {
          "name": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
        }
      ],
      "source": {
        "advisory": "GHSA-r6ph-v2qm-q3c2",
        "discovery": "UNKNOWN"
      },
      "title": "cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26007",
    "datePublished": "2026-02-10T21:42:56.471Z",
    "dateReserved": "2026-02-09T21:36:29.552Z",
    "dateUpdated": "2026-02-11T21:28:47.345Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0935

CVE-2026-30922 (GCVE-0-2026-30922)

CVE-2026-25990 (GCVE-0-2026-25990)

CVE-2026-25639 (GCVE-0-2026-25639)

CVE-2025-69223 (GCVE-0-2025-69223)

CVE-2026-29074 (GCVE-0-2026-29074)

CVE-2025-69873 (GCVE-0-2025-69873)

CVE-2026-28802 (GCVE-0-2026-28802)

CVE-2026-30827 (GCVE-0-2026-30827)

CVE-2026-28498 (GCVE-0-2026-28498)

CVE-2026-1615 (GCVE-0-2026-1615)

CVE-2026-26007 (GCVE-0-2026-26007)

Tags

Sightings

Nomenclature