Vulnerability-Lookup

WID-SEC-W-2026-1183

Vulnerability from csaf_certbund - Published: 2026-04-20 22:00 - Updated: 2026-05-04 22:00

Summary

Red Hat Hardened Images RPMs (jq und pyOpenSSL): Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial-of-Service-Zustand verursachen, vertrauliche Informationen offenlegen oder nicht näher spezifizierte Angriffe durchführen, einschließlich potenzieller Codeausführung.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX

CVE-2026-27448

Affected products

Known affected 4 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Red Hat Enterprise Linux Hardened Images RPMs pyOpenSSL Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms_pyopenssl`	Hardened Images RPMs pyOpenSSL

CVE-2026-27459

Affected products

Known affected 4 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Red Hat Enterprise Linux Hardened Images RPMs pyOpenSSL Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms_pyopenssl`	Hardened Images RPMs pyOpenSSL

CVE-2026-39979

Affected products

Known affected 4 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Red Hat Enterprise Linux Hardened Images RPMs jq Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms_jq`	Hardened Images RPMs jq

CVE-2026-40164

Affected products

Known affected 4 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Red Hat Enterprise Linux Hardened Images RPMs jq Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:hardened_images_rpms_jq`	Hardened Images RPMs jq

References

15 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2026:7224	external
https://access.redhat.com/errata/RHSA-2026:8579	external
https://ubuntu.com/security/notices/USN-8202-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:10754	external
https://ubuntu.com/security/notices/USN-8202-2	external
https://access.redhat.com/errata/RHSA-2026:11916	external
https://access.redhat.com/errata/RHSA-2026:11856	external
https://access.redhat.com/errata/RHSA-2026:11996	external
https://access.redhat.com/errata/RHSA-2026:13545	external
https://access.redhat.com/errata/RHSA-2026:13508	external
https://access.redhat.com/errata/RHSA-2026:13512	external
https://access.redhat.com/errata/RHSA-2026:13553	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Red Hat Hardened Images RPMs ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Denial-of-Service-Zustand verursachen, vertrauliche Informationen offenlegen oder nicht n\u00e4her spezifizierte Angriffe durchf\u00fchren, einschlie\u00dflich potenzieller Codeausf\u00fchrung.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1183 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1183.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1183 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1183"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:7224 vom 2026-04-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:7224"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8579 vom 2026-04-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:8579"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8202-1 vom 2026-04-24",
        "url": "https://ubuntu.com/security/notices/USN-8202-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:1582-1 vom 2026-04-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025607.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:10754 vom 2026-04-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:10754"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8202-2 vom 2026-04-28",
        "url": "https://ubuntu.com/security/notices/USN-8202-2"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11916 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:11916"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11856 vom 2026-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:11856"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11996 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:11996"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13545 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13545"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13508 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13508"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13512 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13512"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:13553 vom 2026-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2026:13553"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Hardened Images RPMs (jq und pyOpenSSL): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-05T08:27:20.075+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-1183",
      "initial_release_date": "2026-04-20T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-20T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-04-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hardened Images RPMs pyOpenSSL",
                "product": {
                  "name": "Red Hat Enterprise Linux Hardened Images RPMs pyOpenSSL",
                  "product_id": "T053017",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:hardened_images_rpms_pyopenssl"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Hardened Images RPMs jq",
                "product": {
                  "name": "Red Hat Enterprise Linux Hardened Images RPMs jq",
                  "product_id": "T053018",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:hardened_images_rpms_jq"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-27448",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T000126",
          "T053017"
        ]
      },
      "release_date": "2026-04-20T22:00:00.000+00:00",
      "title": "CVE-2026-27448"
    },
    {
      "cve": "CVE-2026-27459",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T000126",
          "T053017"
        ]
      },
      "release_date": "2026-04-20T22:00:00.000+00:00",
      "title": "CVE-2026-27459"
    },
    {
      "cve": "CVE-2026-39979",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T000126",
          "T053018"
        ]
      },
      "release_date": "2026-04-20T22:00:00.000+00:00",
      "title": "CVE-2026-39979"
    },
    {
      "cve": "CVE-2026-40164",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T000126",
          "T053018"
        ]
      },
      "release_date": "2026-04-20T22:00:00.000+00:00",
      "title": "CVE-2026-40164"
    }
  ]
}

CVE-2026-27459 (GCVE-0-2026-27459)

Vulnerability from cvelistv5 – Published: 2026-03-17 23:34 – Updated: 2026-03-18 19:52

Title

pyOpenSSL DTLS cookie callback buffer overflow

Summary

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.

Severity ?

7.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/pyca/pyopenssl/security/adviso…	x_refsource_CONFIRM
https://github.com/pyca/pyopenssl/commit/57f09bb4…	x_refsource_MISC
https://github.com/pyca/pyopenssl/blob/358cbf29c4…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pyca	pyopenssl	Affected: >= 22.0.0, < 26.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27459",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T19:52:08.536876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T19:52:15.812Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pyopenssl",
          "vendor": "pyca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 22.0.0, \u003c 26.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-17T23:34:28.483Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
        },
        {
          "name": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
        },
        {
          "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
        }
      ],
      "source": {
        "advisory": "GHSA-5pwr-322w-8jr4",
        "discovery": "UNKNOWN"
      },
      "title": "pyOpenSSL DTLS cookie callback buffer overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27459",
    "datePublished": "2026-03-17T23:34:28.483Z",
    "dateReserved": "2026-02-19T17:25:31.100Z",
    "dateUpdated": "2026-03-18T19:52:15.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-39979 (GCVE-0-2026-39979)

Vulnerability from cvelistv5 – Published: 2026-04-13 22:18 – Updated: 2026-04-14 13:43

Title

jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers

Summary

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/jqlang/jq/security/advisories/…	x_refsource_CONFIRM
https://github.com/jqlang/jq/commit/2f09060afab23…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
jqlang	jq	Affected: < 2f09060afab23fe9390cce7cb860b10416e1bf5f

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-39979",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T13:43:11.607182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T13:43:15.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jq",
          "vendor": "jqlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2f09060afab23fe9390cce7cb860b10416e1bf5f"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which reads until a NUL terminator is found rather than respecting the caller-supplied length. This means that when malformed JSON is passed in a non-NUL-terminated buffer, the error construction logic performs an out-of-bounds read past the end of the buffer. The vulnerability is reachable by any libjq consumer calling jv_parse_sized() with untrusted input, and depending on memory layout, can result in memory disclosure or process termination. The issue has been patched in commit 2f09060afab23fe9390cce7cb860b10416e1bf5f."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T22:18:56.252Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jqlang/jq/security/advisories/GHSA-2hhh-px8h-355p"
        },
        {
          "name": "https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jqlang/jq/commit/2f09060afab23fe9390cce7cb860b10416e1bf5f"
        }
      ],
      "source": {
        "advisory": "GHSA-2hhh-px8h-355p",
        "discovery": "UNKNOWN"
      },
      "title": "jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-39979",
    "datePublished": "2026-04-13T22:18:56.252Z",
    "dateReserved": "2026-04-08T00:01:47.628Z",
    "dateUpdated": "2026-04-14T13:43:15.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40164 (GCVE-0-2026-40164)

Vulnerability from cvelistv5 – Published: 2026-04-13 23:40 – Updated: 2026-04-14 19:27

Title

jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

Summary

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n²) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-328 - Use of Weak Hash
CWE-407 - Inefficient Algorithmic Complexity

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/jqlang/jq/security/advisories/…	x_refsource_CONFIRM
https://github.com/jqlang/jq/commit/0c7d133c3c7e3…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
jqlang	jq	Affected: < 0c7d133c3c7e37c00b6d46b658a02244fdd3c784

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40164",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T19:08:48.249009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T19:27:38.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jq",
          "vendor": "jqlang",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0c7d133c3c7e37c00b6d46b658a02244fdd3c784"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON object (~100 KB) where all keys hashed to the same bucket, hash table lookups degraded from O(1) to O(n), turning any jq expression into an O(n\u00b2) operation and causing significant CPU exhaustion. This affected common jq use cases such as CI/CD pipelines, web services, and data processing scripts, and was far more practical to exploit than existing heap overflow issues since it required only a small payload. This issue has been patched in commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-328",
              "description": "CWE-328: Use of Weak Hash",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T23:40:12.693Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jqlang/jq/security/advisories/GHSA-wwj8-gxm6-jc29"
        },
        {
          "name": "https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/jqlang/jq/commit/0c7d133c3c7e37c00b6d46b658a02244fdd3c784"
        }
      ],
      "source": {
        "advisory": "GHSA-wwj8-gxm6-jc29",
        "discovery": "UNKNOWN"
      },
      "title": "jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40164",
    "datePublished": "2026-04-13T23:40:12.693Z",
    "dateReserved": "2026-04-09T19:31:56.014Z",
    "dateUpdated": "2026-04-14T19:27:38.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27448 (GCVE-0-2026-27448)

Vulnerability from cvelistv5 – Published: 2026-03-17 23:24 – Updated: 2026-03-18 20:18

Title

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

Summary

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.

Severity ?

1.7 (Low)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

CWE

CWE-636 - Not Failing Securely ('Failing Open')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/pyca/pyopenssl/security/adviso…	x_refsource_CONFIRM
https://github.com/pyca/pyopenssl/commit/d41a8147…	x_refsource_MISC
https://github.com/pyca/pyopenssl/blob/358cbf29c4…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pyca	pyopenssl	Affected: >= 0.14.0, < 26.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27448",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-18T20:17:52.492201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-18T20:18:08.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pyopenssl",
          "vendor": "pyca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.14.0, \u003c 26.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-636",
              "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-17T23:24:30.661Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"
        },
        {
          "name": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"
        },
        {
          "name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27"
        }
      ],
      "source": {
        "advisory": "GHSA-vp96-hxj8-p424",
        "discovery": "UNKNOWN"
      },
      "title": "pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27448",
    "datePublished": "2026-03-17T23:24:30.661Z",
    "dateReserved": "2026-02-19T17:25:31.100Z",
    "dateUpdated": "2026-03-18T20:18:08.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1183

CVE-2026-27459 (GCVE-0-2026-27459)

CVE-2026-39979 (GCVE-0-2026-39979)

CVE-2026-40164 (GCVE-0-2026-40164)

CVE-2026-27448 (GCVE-0-2026-27448)

Tags

Sightings

Nomenclature