Vulnerability-Lookup

WID-SEC-W-2026-1871

Vulnerability from csaf_certbund - Published: 2026-06-09 22:00 - Updated: 2026-06-11 22:00

Summary

FreeBSD Project FreeBSD OS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: FreeBSD ist ein Open Source Betriebssystem aus der BSD Familie und gehört damit zu den Unix Derivaten.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in FreeBSD Project FreeBSD OS ausnutzen, um erweiterte Rechte zu erlangen – möglicherweise sogar Administratorrechte –, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder andere, nicht näher definierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2026-10846

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-45256

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-45257

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-45258

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-45259

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-49412

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-49413

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-49414

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-49416

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

CVE-2026-49417

Affected products

Known affected 4 products

Product	Identifier	Version	Remediation
FreeBSD Project FreeBSD OS <15.0 FreeBSD Project / FreeBSD OS		<15.0
FreeBSD Project FreeBSD OS <15.1 FreeBSD Project / FreeBSD OS		<15.1
FreeBSD Project FreeBSD OS <14.3 FreeBSD Project / FreeBSD OS		<14.3
FreeBSD Project FreeBSD OS <14.4 FreeBSD Project / FreeBSD OS		<14.4

References

12 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://security.FreeBSD.org/advisories/FreeBSD-S…	external
https://bumsrake.de/	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FreeBSD ist ein Open Source Betriebssystem aus der BSD Familie und geh\u00f6rt damit zu den Unix Derivaten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in FreeBSD Project FreeBSD OS ausnutzen, um erweiterte Rechte zu erlangen \u2013 m\u00f6glicherweise sogar Administratorrechte \u2013, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, Daten zu manipulieren oder andere, nicht n\u00e4her definierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1871 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1871.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1871 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1871"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:25.thr vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:25.thr.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:26.ktls vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:26.ktls.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:27.sound vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:27.sound.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:28.capsicum vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:28.capsicum.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:29.ip6_multicast vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:29.ip6_multicast.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:30.linux vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:30.linux.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:32.elf vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:32.elf.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:34.vt vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:34.vt.asc"
      },
      {
        "category": "external",
        "summary": "FreeBSD Security Advisory FreeBSD-SA-26:36.ldns vom 2026-06-09",
        "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-26:36.ldns.asc"
      },
      {
        "category": "external",
        "summary": "Writeup \"Bumsrakete\" for FreeBSD-SA-26:26.ktls",
        "url": "https://bumsrake.de/"
      }
    ],
    "source_lang": "en-US",
    "title": "FreeBSD Project FreeBSD OS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-11T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-12T07:40:54.662+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1871",
      "initial_release_date": "2026-06-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-06-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-35991"
        },
        {
          "date": "2026-06-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "PoC f\u00fcr CVE-2026-45257 aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c15.1",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c15.1",
                  "product_id": "T055200"
                }
              },
              {
                "category": "product_version",
                "name": "15.1",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 15.1",
                  "product_id": "T055200-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:15.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.0",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c15.0",
                  "product_id": "T055201"
                }
              },
              {
                "category": "product_version",
                "name": "15",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 15.0",
                  "product_id": "T055201-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:15.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.4",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c14.4",
                  "product_id": "T055202"
                }
              },
              {
                "category": "product_version",
                "name": "14.4",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 14.4",
                  "product_id": "T055202-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:14.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c14.3",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS \u003c14.3",
                  "product_id": "T055203"
                }
              },
              {
                "category": "product_version",
                "name": "14.3",
                "product": {
                  "name": "FreeBSD Project FreeBSD OS 14.3",
                  "product_id": "T055203-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:freebsd:freebsd:14.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeBSD OS"
          }
        ],
        "category": "vendor",
        "name": "FreeBSD Project"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-10846",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-10846"
    },
    {
      "cve": "CVE-2026-45256",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45256"
    },
    {
      "cve": "CVE-2026-45257",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45257"
    },
    {
      "cve": "CVE-2026-45258",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45258"
    },
    {
      "cve": "CVE-2026-45259",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-45259"
    },
    {
      "cve": "CVE-2026-49412",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-49412"
    },
    {
      "cve": "CVE-2026-49413",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-49413"
    },
    {
      "cve": "CVE-2026-49414",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-49414"
    },
    {
      "cve": "CVE-2026-49416",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-49416"
    },
    {
      "cve": "CVE-2026-49417",
      "product_status": {
        "known_affected": [
          "T055201",
          "T055200",
          "T055203",
          "T055202"
        ]
      },
      "release_date": "2026-06-09T22:00:00.000+00:00",
      "title": "CVE-2026-49417"
    }
  ]
}

CVE-2026-10846 (GCVE-0-2026-10846)

Vulnerability from cvelistv5 – Published: 2026-06-10 06:37 – Updated: 2026-06-10 14:45

Title

Insufficient verification that responses belong to a query

Summary

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.

Severity

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-346 - Origin Validation Error

Assigner

NLnet Labs

References

2 references

URL	Tags
https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/06/10/2

Impacted products

1 product

Vendor	Product	Version
NLnet Labs	ldns	Affected: 1.2.0 , < 1.9.1 (semver)

Date Public

2026-06-10 00:00

Credits

Pablo Ruiz from 'codecome.ai'

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-10T11:15:23.130Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/10/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-10846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T14:43:35.371858Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T14:45:59.412Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ldns",
          "vendor": "NLnet Labs",
          "versions": [
            {
              "lessThan": "1.9.1",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pablo Ruiz from \u0027codecome.ai\u0027"
        }
      ],
      "datePublic": "2026-06-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Applications directly or indirectly using the ldns_send_buffer function for (stub) resolving"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T14:28:54.993Z",
        "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "shortName": "NLnet Labs"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-10846.txt"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is fixed starting with version 1.9.2."
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-14T00:00:00.000Z",
          "value": "Issue reported by Pablo Ruiz"
        },
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "NLnet Labs shares patch"
        },
        {
          "lang": "en",
          "time": "2026-06-02T00:00:00.000Z",
          "value": "Pablo Ruiz verifies patch"
        },
        {
          "lang": "en",
          "time": "2026-06-10T00:00:00.000Z",
          "value": "Fix released with version 1.9.2"
        }
      ],
      "title": "Insufficient verification that responses belong to a query",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
    "assignerShortName": "NLnet Labs",
    "cveId": "CVE-2026-10846",
    "datePublished": "2026-06-10T06:37:59.538Z",
    "dateReserved": "2026-06-04T12:06:54.996Z",
    "dateUpdated": "2026-06-10T14:45:59.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1871

CVE-2026-10846 (GCVE-0-2026-10846)

Tags

Sightings

Nomenclature