Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1081590?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "type": "apk", "namespace": "alpine", "name": "rclone", "version": "1.73.5-r0", "qualifiers": { "arch": "aarch64", "distroversion": "edge", "reponame": "community" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350595?format=api", "vulnerability_id": "VCID-245f-jhkn-w3ck", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32281.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32281.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04457", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04696", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0467", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04636", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04595", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04693", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05503", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0045", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00451", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00447", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333", "reference_id": "2456333", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333" }, { "reference_url": "https://go.dev/cl/758061", "reference_id": "758061", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/" } ], "url": "https://go.dev/cl/758061" }, { "reference_url": "https://go.dev/issue/78281", "reference_id": "78281", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/" } ], "url": "https://go.dev/issue/78281" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4946", "reference_id": "GO-2026-4946", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4946" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32281" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-245f-jhkn-w3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64344?format=api", "vulnerability_id": "VCID-6a6z-bq7m-c3gf", "summary": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05245", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05749", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05788", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05813", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05792", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05778", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05741", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05894", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09952", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09915", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09868", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0979", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344", "reference_id": "2445344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344" }, { "reference_url": "https://go.dev/cl/752183", "reference_id": "752183", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://go.dev/cl/752183" }, { "reference_url": "https://go.dev/issue/77953", "reference_id": "77953", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://go.dev/issue/77953" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4600", "reference_id": "GO-2026-4600", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4600" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27138" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6a6z-bq7m-c3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23585?format=api", "vulnerability_id": "VCID-6gj4-t3v3-gyhp", "summary": "Denial of service in github.com/buger/jsonparser\nThe Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05903", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16264", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16269", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17069", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17129", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17176", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17201", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17144", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17054", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17273", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17223", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17045", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17009", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17005", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.1769", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32285" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/buger/jsonparser", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser" }, { "reference_url": "https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0" }, { "reference_url": "https://github.com/buger/jsonparser/issues/275", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/" } ], "url": "https://github.com/buger/jsonparser/issues/275" }, { "reference_url": "https://github.com/buger/jsonparser/pull/276", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser/pull/276" }, { "reference_url": "https://github.com/buger/jsonparser/releases/tag/v1.1.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/buger/jsonparser/releases/tag/v1.1.2" }, { "reference_url": "https://github.com/golang/vulndb/issues/4514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/" } ], "url": "https://github.com/golang/vulndb/issues/4514" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4514" }, { "reference_url": "https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846", "reference_id": "2451846", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451846" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13548", "reference_id": "RHSA-2026:13548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7191", "reference_id": "RHSA-2026:7191", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32285", "GHSA-6g7g-w4f8-9c9x" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6gj4-t3v3-gyhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21187?format=api", "vulnerability_id": "VCID-82wq-13vf-ufb2", "summary": "CIRCL has an incorrect calculation in secp384r1 CombinedMult\nThe CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in **[v1.6.3](https://github.com/cloudflare/circl/releases/tag/v1.6.3)**.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05864", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06053", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06047", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06011", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05981", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05829", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05819", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05854", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05862", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05871", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05796", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05889", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05831", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05825", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06305", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1229" }, { "reference_url": "https://github.com/cloudflare/circl", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:04:09Z/" } ], "url": "https://github.com/cloudflare/circl" }, { "reference_url": "https://github.com/cloudflare/circl/pull/583", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cloudflare/circl/pull/583" }, { "reference_url": "https://github.com/cloudflare/circl/releases/tag/v1.6.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cloudflare/circl/releases/tag/v1.6.3" }, { "reference_url": "https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-1229", "GHSA-q9hv-hpm4-hj6x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82wq-13vf-ufb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64345?format=api", "vulnerability_id": "VCID-8s5d-1byz-8fhz", "summary": "html/template: URLs in meta content attribute actions are not escaped in html/template", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01258", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01426", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01263", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01429", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01436", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01562", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01545", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.0153", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01552", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01555", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03399", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445351", "reference_id": "2445351", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445351" }, { "reference_url": "https://go.dev/cl/752081", "reference_id": "752081", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/" } ], "url": "https://go.dev/cl/752081" }, { "reference_url": "https://go.dev/issue/77954", "reference_id": "77954", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/" } ], "url": "https://go.dev/issue/77954" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4603", "reference_id": "GO-2026-4603", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4603" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5192", "reference_id": "RHSA-2026:5192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27142" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8s5d-1byz-8fhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350598?format=api", "vulnerability_id": "VCID-91yp-p6st-8ucd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32288.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32288.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32288", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00172", "published_at": "2026-05-05T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00171", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00173", "published_at": "2026-04-21T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00175", "published_at": "2026-04-26T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0029", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00618", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00813", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00816", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32288" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332", "reference_id": "2456332", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332" }, { "reference_url": "https://go.dev/cl/763766", "reference_id": "763766", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/" } ], "url": "https://go.dev/cl/763766" }, { "reference_url": "https://go.dev/issue/78301", "reference_id": "78301", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/" } ], "url": "https://go.dev/issue/78301" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4869", "reference_id": "GO-2026-4869", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4869" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32288" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91yp-p6st-8ucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64682?format=api", "vulnerability_id": "VCID-dp1t-v58b-43du", "summary": "crypto/tls: Unexpected session resumption in crypto/tls", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04026", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04049", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04068", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04041", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03999", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04541", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04583", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04353", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04361", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04493", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0452", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916", "reference_id": "1125916", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917", "reference_id": "1125917", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "reference_id": "2437111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111" }, { "reference_url": "https://go.dev/cl/737700", "reference_id": "737700", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/" } ], "url": "https://go.dev/cl/737700" }, { "reference_url": "https://go.dev/issue/77217", "reference_id": "77217", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/" } ], "url": "https://go.dev/issue/77217" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4337", "reference_id": "GO-2026-4337", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4337" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "reference_id": "K09ubi9FQFk", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10125", "reference_id": "RHSA-2026:10125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10225", "reference_id": "RHSA-2026:10225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10250", "reference_id": "RHSA-2026:10250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11331", "reference_id": "RHSA-2026:11331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11414", "reference_id": "RHSA-2026:11414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11747", "reference_id": "RHSA-2026:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11749", "reference_id": "RHSA-2026:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12028", "reference_id": "RHSA-2026:12028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12029", "reference_id": "RHSA-2026:12029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12030", "reference_id": "RHSA-2026:12030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12031", "reference_id": "RHSA-2026:12031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12032", "reference_id": "RHSA-2026:12032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12033", "reference_id": "RHSA-2026:12033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13542", "reference_id": "RHSA-2026:13542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13545", "reference_id": "RHSA-2026:13545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13571", "reference_id": "RHSA-2026:13571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2706", "reference_id": "RHSA-2026:2706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2708", "reference_id": "RHSA-2026:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2709", "reference_id": "RHSA-2026:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2914", "reference_id": "RHSA-2026:2914", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:2920", "reference_id": "RHSA-2026:2920", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:2920" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3035", "reference_id": "RHSA-2026:3035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3040", "reference_id": "RHSA-2026:3040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3089", "reference_id": "RHSA-2026:3089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3092", "reference_id": "RHSA-2026:3092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3186", "reference_id": "RHSA-2026:3186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3187", "reference_id": "RHSA-2026:3187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3188", "reference_id": "RHSA-2026:3188", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3188" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3192", "reference_id": "RHSA-2026:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3193", "reference_id": "RHSA-2026:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3291", "reference_id": "RHSA-2026:3291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3297", "reference_id": "RHSA-2026:3297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3298", "reference_id": "RHSA-2026:3298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3336", "reference_id": "RHSA-2026:3336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3337", "reference_id": "RHSA-2026:3337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3340", "reference_id": "RHSA-2026:3340", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3340" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3341", "reference_id": "RHSA-2026:3341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3343", "reference_id": "RHSA-2026:3343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3459", "reference_id": "RHSA-2026:3459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3506", "reference_id": "RHSA-2026:3506", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3506" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3556", "reference_id": "RHSA-2026:3556", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3556" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3559", "reference_id": "RHSA-2026:3559", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3559" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3752", "reference_id": "RHSA-2026:3752", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3752" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3753", "reference_id": "RHSA-2026:3753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3782", "reference_id": "RHSA-2026:3782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3816", "reference_id": "RHSA-2026:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3817", "reference_id": "RHSA-2026:3817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3831", "reference_id": "RHSA-2026:3831", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3831" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3833", "reference_id": "RHSA-2026:3833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3839", "reference_id": "RHSA-2026:3839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3839" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3840", "reference_id": "RHSA-2026:3840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3842", "reference_id": "RHSA-2026:3842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3843", "reference_id": "RHSA-2026:3843", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3855", "reference_id": "RHSA-2026:3855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3864", "reference_id": "RHSA-2026:3864", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3874", "reference_id": "RHSA-2026:3874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3884", "reference_id": "RHSA-2026:3884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3898", "reference_id": "RHSA-2026:3898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3928", "reference_id": "RHSA-2026:3928", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3928" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3929", "reference_id": "RHSA-2026:3929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3970", "reference_id": "RHSA-2026:3970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3971", "reference_id": "RHSA-2026:3971", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3971" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3977", "reference_id": "RHSA-2026:3977", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3977" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3985", "reference_id": "RHSA-2026:3985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3985" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4164", "reference_id": "RHSA-2026:4164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4166", "reference_id": "RHSA-2026:4166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4170", "reference_id": "RHSA-2026:4170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4174", "reference_id": "RHSA-2026:4174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4177", "reference_id": "RHSA-2026:4177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4220", "reference_id": "RHSA-2026:4220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4256", "reference_id": "RHSA-2026:4256", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4256" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4264", "reference_id": "RHSA-2026:4264", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4264" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4267", "reference_id": "RHSA-2026:4267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4270", "reference_id": "RHSA-2026:4270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4466", "reference_id": "RHSA-2026:4466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4467", "reference_id": "RHSA-2026:4467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4498", "reference_id": "RHSA-2026:4498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4500", "reference_id": "RHSA-2026:4500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4500" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4672", "reference_id": "RHSA-2026:4672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4892", "reference_id": "RHSA-2026:4892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4901", "reference_id": "RHSA-2026:4901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4907", "reference_id": "RHSA-2026:4907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4942", "reference_id": "RHSA-2026:4942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4952", "reference_id": "RHSA-2026:4952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5077", "reference_id": "RHSA-2026:5077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5129", "reference_id": "RHSA-2026:5129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5130", "reference_id": "RHSA-2026:5130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5131", "reference_id": "RHSA-2026:5131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5132", "reference_id": "RHSA-2026:5132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5133", "reference_id": "RHSA-2026:5133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5146", "reference_id": "RHSA-2026:5146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5168", "reference_id": "RHSA-2026:5168", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5168" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5394", "reference_id": "RHSA-2026:5394", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5394" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5452", "reference_id": "RHSA-2026:5452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5549", "reference_id": "RHSA-2026:5549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5636", "reference_id": "RHSA-2026:5636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5645", "reference_id": "RHSA-2026:5645", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5665", "reference_id": "RHSA-2026:5665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5851", "reference_id": "RHSA-2026:5851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5866", "reference_id": "RHSA-2026:5866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5876", "reference_id": "RHSA-2026:5876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5878", "reference_id": "RHSA-2026:5878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5907", "reference_id": "RHSA-2026:5907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5948", "reference_id": "RHSA-2026:5948", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5948" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5950", "reference_id": "RHSA-2026:5950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5952", "reference_id": "RHSA-2026:5952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5952" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6192", "reference_id": "RHSA-2026:6192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6226", "reference_id": "RHSA-2026:6226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6277", "reference_id": "RHSA-2026:6277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6278", "reference_id": "RHSA-2026:6278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6428", "reference_id": "RHSA-2026:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6429", "reference_id": "RHSA-2026:6429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6497", "reference_id": "RHSA-2026:6497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6552", "reference_id": "RHSA-2026:6552", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6552" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6567", "reference_id": "RHSA-2026:6567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6568", "reference_id": "RHSA-2026:6568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7052", "reference_id": "RHSA-2026:7052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7854", "reference_id": "RHSA-2026:7854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7854" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7885", "reference_id": "RHSA-2026:7885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8167", "reference_id": "RHSA-2026:8167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8218", "reference_id": "RHSA-2026:8218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8337", "reference_id": "RHSA-2026:8337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8433", "reference_id": "RHSA-2026:8433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8483", "reference_id": "RHSA-2026:8483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9097", "reference_id": "RHSA-2026:9097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9098", "reference_id": "RHSA-2026:9098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9108", "reference_id": "RHSA-2026:9108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9109", "reference_id": "RHSA-2026:9109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9848", "reference_id": "RHSA-2026:9848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2025-68121" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dp1t-v58b-43du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350604?format=api", "vulnerability_id": "VCID-gtys-5r5h-p7ht", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01216", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.014", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01409", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01404", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01389", "published_at": "2026-04-21T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00274", "published_at": "2026-04-09T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00212", "published_at": "2026-04-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00211", "published_at": "2026-04-13T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00967", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33810" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335", "reference_id": "2456335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335" }, { "reference_url": "https://go.dev/cl/763763", "reference_id": "763763", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://go.dev/cl/763763" }, { "reference_url": "https://go.dev/issue/78332", "reference_id": "78332", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://go.dev/issue/78332" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4866", "reference_id": "GO-2026-4866", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10155", "reference_id": "RHSA-2026:10155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11330", "reference_id": "RHSA-2026:11330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11331", "reference_id": "RHSA-2026:11331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13545", "reference_id": "RHSA-2026:13545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-33810" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gtys-5r5h-p7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64403?format=api", "vulnerability_id": "VCID-h4tn-wydf-mydg", "summary": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27141.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27141.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27141", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0593", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05998", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05963", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05974", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06125", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06139", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.0617", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06178", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05962", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.05985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06439", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27141" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104", "reference_id": "2443104", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104" }, { "reference_url": "https://go.dev/cl/746180", "reference_id": "746180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/" } ], "url": "https://go.dev/cl/746180" }, { "reference_url": "https://go.dev/issue/77652", "reference_id": "77652", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/" } ], "url": "https://go.dev/issue/77652" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141", "reference_id": "CVE-2026-27141", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4559", "reference_id": "GO-2026-4559", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4559" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27141" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4tn-wydf-mydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350579?format=api", "vulnerability_id": "VCID-ju53-xpej-3qca", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27140.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02635", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02748", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02776", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02722", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02735", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02746", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05345", "published_at": "2026-04-16T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00649", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00644", "published_at": "2026-04-12T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00655", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00646", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27140" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456341", "reference_id": "2456341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456341" }, { "reference_url": "https://go.dev/cl/763768", "reference_id": "763768", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/" } ], "url": "https://go.dev/cl/763768" }, { "reference_url": "https://go.dev/issue/78335", "reference_id": "78335", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/" } ], "url": "https://go.dev/issue/78335" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4871", "reference_id": "GO-2026-4871", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4871" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27140" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ju53-xpej-3qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23784?format=api", "vulnerability_id": "VCID-mhf1-8kyt-pbbx", "summary": "gRPC-Go has an authorization bypass via missing leading slash in :path\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nIt is an **Authorization Bypass** resulting from **Improper Input Validation** of the HTTP/2 `:path` pseudo-header.\n\nThe gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present.\n\n**Who is impacted?**\nThis affects gRPC-Go servers that meet both of the following criteria:\n1. They use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`.\n2. Their security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule).\n\nThe vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nYes, the issue has been patched. The fix ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string.\n\nUsers should upgrade to the following versions (or newer):\n* **v1.79.3**\n* The latest **master** branch.\n\nIt is recommended that all users employing path-based authorization (especially `grpc/authz`) upgrade as soon as the patch is available in a tagged release.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nWhile upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods:\n\n#### 1. Use a Validating Interceptor (Recommended Mitigation)\nAdd an \"outermost\" interceptor to your server that validates the path before any other authorization logic runs:\n\n```go\nfunc pathValidationInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {\n if info.FullMethod == \"\" || info.FullMethod[0] != '/' {\n return nil, status.Errorf(codes.Unimplemented, \"malformed method name\")\n } \n return handler(ctx, req)\n}\n\n// Ensure this is the FIRST interceptor in your chain\ns := grpc.NewServer(\n grpc.ChainUnaryInterceptor(pathValidationInterceptor, authzInterceptor),\n)\n```\n\n#### 2. Infrastructure-Level Normalization\nIf your gRPC server is behind a reverse proxy or load balancer (such as Envoy, NGINX, or an L7 Cloud Load Balancer), ensure it is configured to enforce strict HTTP/2 compliance for pseudo-headers and reject or normalize requests where the `:path` header does not start with a leading slash.\n\n#### 3. Policy Hardening\nSwitch to a \"default deny\" posture in your authorization policies (explicitly listing all allowed paths and denying everything else) to reduce the risk of bypasses via malformed inputs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33186.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02582", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02565", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02579", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02588", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03421", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03345", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0337", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03393", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03357", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05367", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05377", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05376", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06277", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06296", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33186" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/grpc/grpc-go", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/grpc/grpc-go" }, { "reference_url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:08:38Z/" } ], "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132228", "reference_id": "1132228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833", "reference_id": "2449833", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10093", "reference_id": "RHSA-2026:10093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10094", "reference_id": "RHSA-2026:10094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10105", "reference_id": "RHSA-2026:10105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10107", "reference_id": "RHSA-2026:10107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10125", "reference_id": "RHSA-2026:10125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10126", "reference_id": "RHSA-2026:10126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10130", "reference_id": "RHSA-2026:10130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10131", "reference_id": "RHSA-2026:10131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10153", "reference_id": "RHSA-2026:10153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10155", "reference_id": "RHSA-2026:10155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10172", "reference_id": "RHSA-2026:10172", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10172" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10698", "reference_id": "RHSA-2026:10698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10705", "reference_id": "RHSA-2026:10705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10706", "reference_id": "RHSA-2026:10706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11070", "reference_id": "RHSA-2026:11070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11217", "reference_id": "RHSA-2026:11217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11330", "reference_id": "RHSA-2026:11330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11330" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11331", "reference_id": "RHSA-2026:11331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11408", "reference_id": "RHSA-2026:11408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11803", "reference_id": "RHSA-2026:11803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11856", "reference_id": "RHSA-2026:11856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11916", "reference_id": "RHSA-2026:11916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11996", "reference_id": "RHSA-2026:11996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12116", "reference_id": "RHSA-2026:12116", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12116" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12277", "reference_id": "RHSA-2026:12277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12277" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12279", "reference_id": "RHSA-2026:12279", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12279" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12337", "reference_id": "RHSA-2026:12337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13548", "reference_id": "RHSA-2026:13548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13791", "reference_id": "RHSA-2026:13791", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13791" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13829", "reference_id": "RHSA-2026:13829", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6174", "reference_id": "RHSA-2026:6174", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6428", "reference_id": "RHSA-2026:6428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6564", "reference_id": "RHSA-2026:6564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6802", "reference_id": "RHSA-2026:6802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7110", "reference_id": "RHSA-2026:7110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7128", "reference_id": "RHSA-2026:7128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7245", "reference_id": "RHSA-2026:7245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8433", "reference_id": "RHSA-2026:8433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8449", "reference_id": "RHSA-2026:8449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8483", "reference_id": "RHSA-2026:8483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8484", "reference_id": "RHSA-2026:8484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8490", "reference_id": "RHSA-2026:8490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8491", "reference_id": "RHSA-2026:8491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8493", "reference_id": "RHSA-2026:8493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9388", "reference_id": "RHSA-2026:9388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9440", "reference_id": "RHSA-2026:9440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9448", "reference_id": "RHSA-2026:9448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9453", "reference_id": "RHSA-2026:9453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9872", "reference_id": "RHSA-2026:9872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-33186", "GHSA-p77j-4mvh-x3m3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhf1-8kyt-pbbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/354100?format=api", "vulnerability_id": "VCID-nqrd-gp43-g7dw", "summary": "RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution\n### Summary\nThe RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication.\n\n### Preconditions\n\nPreconditions for this vulnerability are:\n\n- The rclone remote control API **must** be enabled, either by the `--rc` flag or by running the `rclone rcd` server\n- The remote control API **must** be reachable by the attacker - by default rclone only serves the rc to localhost unless the `--rc-addr` flag is in use\n- The rc must have been deployed **without** global RC HTTP authentication - so not using `--rc-user`/`--rc-pass`/`--rc-htpasswd`/etc\n\n\n### Details\nThe root cause consists of the following pieces:\n\n1. `operations/fsinfo` is not protected with `AuthRequired: true`\n2. `operations/fsinfo` calls `rc.GetFs(...)` on attacker-controlled input\n3. `rc.GetFs(...)` supports inline backend creation through object-valued `fs`\n4. WebDAV backend initialization executes `bearer_token_command`\n\nRelevant code paths:\n\n- [`fs/operations/rc.go`](https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go)\n - `operations/fsinfo` is registered without `AuthRequired: true`\n - `rcFsInfo()` calls `rc.GetFs(ctx, in)`\n\n- [`fs/rc/cache.go`](https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go)\n - `GetFs()` / `GetFsNamed()` can parse an object-valued `fs`\n - `getConfigMap()` converts attacker-controlled JSON into a backend config string\n\n- [`backend/webdav/webdav.go`](https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go)\n - `bearer_token_command` is a supported backend option\n - `NewFs(...)` calls `fetchAndSetBearerToken()` when `bearer_token_command` is set\n - `fetchBearerToken()` invokes `exec.Command(...)`\n\nThis creates a practical single-request unauthenticated command-execution primitive on reachable RC servers without global HTTP authentication.\n\nThis was alidated on:\n- current `master` as of 2026-04-14: `bf55d5e6d37fd86164a87782191f9e1ffcaafa82`\n- latest public release tested locally: `v1.73.4`\n\nThis was also validated on a public amd64 Ubuntu host controlled by the tester, using direct host execution (not containerized PoC execution).\n\n### PoC\n#### Minimal single-request form PoC\nStart a vulnerable RC server:\n\n```bash\nrclone rcd --rc-addr 127.0.0.1:5572\n```\n\nNo `--rc-user`, no `--rc-pass`, no `--rc-htpasswd`.\n\nThen send a single request:\n\n```bash\ncurl -sS -X POST http://127.0.0.1:5572/operations/fsinfo \\\n --data-urlencode \"fs=:webdav,url='http://127.0.0.1/',vendor=other,bearer_token_command='/usr/bin/touch /tmp/rclone_fsinfo_rce_poc_marker':\"\n```\n\nExpected result:\n- HTTP 200 JSON response from `operations/fsinfo`\n- `/tmp/rclone_fsinfo_rce_poc_marker` is created on the host\n\n### Impact\nThis is effectively a single-request unauthenticated command-execution vulnerability on reachable RC deployments without global HTTP authentication.\n\nIn practice, command execution in the rclone process context can lead to higher-impact outcomes such as local file read, file write, or shell access, depending on the deployed environment.\n\n#### Testing performed\nThis was successfully reproduced:\n- on a local test environment\n- on a public amd64 Ubuntu host controlled by the tester\n\nOn the public host it was confirmed:\n\n- the unauthenticated `operations/fsinfo` exploit worked\n- command execution occurred on the host\n- the issue was reproducible through direct host execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41179.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41179.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41179", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05976", "scoring_system": "epss", "scoring_elements": "0.90692", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.09603", "scoring_system": "epss", "scoring_elements": "0.92904", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.09603", "scoring_system": "epss", "scoring_elements": "0.92896", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41179" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41179", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41179" }, { "reference_url": "https://github.com/rclone/rclone", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rclone/rclone" }, { "reference_url": "https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/" } ], "url": "https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134735", "reference_id": "1134735", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134735" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460988", "reference_id": "2460988", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460988" }, { "reference_url": "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go", "reference_id": "cache.go", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/" } ], "url": "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go" }, { "reference_url": "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go", "reference_id": "rc.go", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/" } ], "url": "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go" }, { "reference_url": "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go", "reference_id": "webdav.go", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/" } ], "url": "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-41179", "GHSA-jfwf-28xr-xw6q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqrd-gp43-g7dw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64346?format=api", "vulnerability_id": "VCID-pcez-y67t-8yg3", "summary": "net/url: Incorrect parsing of IPv6 host literals in net/url", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08768", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09743", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09793", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09802", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09771", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0964", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09612", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.15881", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.15973", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.15853", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16017", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16013", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "reference_id": "2445356", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356" }, { "reference_url": "https://go.dev/cl/752180", "reference_id": "752180", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://go.dev/cl/752180" }, { "reference_url": "https://go.dev/issue/77578", "reference_id": "77578", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://go.dev/issue/77578" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4601", "reference_id": "GO-2026-4601", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10125", "reference_id": "RHSA-2026:10125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10133", "reference_id": "RHSA-2026:10133", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10133" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10140", "reference_id": "RHSA-2026:10140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10141", "reference_id": "RHSA-2026:10141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10169", "reference_id": "RHSA-2026:10169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10225", "reference_id": "RHSA-2026:10225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10250", "reference_id": "RHSA-2026:10250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10701", "reference_id": "RHSA-2026:10701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10712", "reference_id": "RHSA-2026:10712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10712" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10929", "reference_id": "RHSA-2026:10929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11331", "reference_id": "RHSA-2026:11331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11375", "reference_id": "RHSA-2026:11375", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11375" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11412", "reference_id": "RHSA-2026:11412", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11412" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11413", "reference_id": "RHSA-2026:11413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11686", "reference_id": "RHSA-2026:11686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11688", "reference_id": "RHSA-2026:11688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11747", "reference_id": "RHSA-2026:11747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11749", "reference_id": "RHSA-2026:11749", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11768", "reference_id": "RHSA-2026:11768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11800", "reference_id": "RHSA-2026:11800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11856", "reference_id": "RHSA-2026:11856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11916", "reference_id": "RHSA-2026:11916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11996", "reference_id": "RHSA-2026:11996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12028", "reference_id": "RHSA-2026:12028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12029", "reference_id": "RHSA-2026:12029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12029" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12030", "reference_id": "RHSA-2026:12030", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12031", "reference_id": "RHSA-2026:12031", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12031" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12032", "reference_id": "RHSA-2026:12032", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12032" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12033", "reference_id": "RHSA-2026:12033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13508", "reference_id": "RHSA-2026:13508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13512", "reference_id": "RHSA-2026:13512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13512" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13545", "reference_id": "RHSA-2026:13545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13642", "reference_id": "RHSA-2026:13642", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13642" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13643", "reference_id": "RHSA-2026:13643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13671", "reference_id": "RHSA-2026:13671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5549", "reference_id": "RHSA-2026:5549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5941", "reference_id": "RHSA-2026:5941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5941" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5942", "reference_id": "RHSA-2026:5942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5942" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5943", "reference_id": "RHSA-2026:5943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5944", "reference_id": "RHSA-2026:5944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6341", "reference_id": "RHSA-2026:6341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6344", "reference_id": "RHSA-2026:6344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6382", "reference_id": "RHSA-2026:6382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6383", "reference_id": "RHSA-2026:6383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6388", "reference_id": "RHSA-2026:6388", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6388" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6564", "reference_id": "RHSA-2026:6564", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6564" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6720", "reference_id": "RHSA-2026:6720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6802", "reference_id": "RHSA-2026:6802", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6802" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6949", "reference_id": "RHSA-2026:6949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7005", "reference_id": "RHSA-2026:7005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7009", "reference_id": "RHSA-2026:7009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7011", "reference_id": "RHSA-2026:7011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7259", "reference_id": "RHSA-2026:7259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7315", "reference_id": "RHSA-2026:7315", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7328", "reference_id": "RHSA-2026:7328", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7665", "reference_id": "RHSA-2026:7665", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7665" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7669", "reference_id": "RHSA-2026:7669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7674", "reference_id": "RHSA-2026:7674", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7674" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7833", "reference_id": "RHSA-2026:7833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7834", "reference_id": "RHSA-2026:7834", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7834" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7876", "reference_id": "RHSA-2026:7876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7877", "reference_id": "RHSA-2026:7877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7878", "reference_id": "RHSA-2026:7878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7879", "reference_id": "RHSA-2026:7879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7883", "reference_id": "RHSA-2026:7883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7992", "reference_id": "RHSA-2026:7992", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8167", "reference_id": "RHSA-2026:8167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8314", "reference_id": "RHSA-2026:8314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8322", "reference_id": "RHSA-2026:8322", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8322" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8324", "reference_id": "RHSA-2026:8324", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8324" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8337", "reference_id": "RHSA-2026:8337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8433", "reference_id": "RHSA-2026:8433", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8433" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8434", "reference_id": "RHSA-2026:8434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8456", "reference_id": "RHSA-2026:8456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8483", "reference_id": "RHSA-2026:8483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8484", "reference_id": "RHSA-2026:8484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8490", "reference_id": "RHSA-2026:8490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8491", "reference_id": "RHSA-2026:8491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8493", "reference_id": "RHSA-2026:8493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8840", "reference_id": "RHSA-2026:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8841", "reference_id": "RHSA-2026:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8842", "reference_id": "RHSA-2026:8842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8845", "reference_id": "RHSA-2026:8845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8847", "reference_id": "RHSA-2026:8847", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8848", "reference_id": "RHSA-2026:8848", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8848" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8849", "reference_id": "RHSA-2026:8849", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8849" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8851", "reference_id": "RHSA-2026:8851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8852", "reference_id": "RHSA-2026:8852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8853", "reference_id": "RHSA-2026:8853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8855", "reference_id": "RHSA-2026:8855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8856", "reference_id": "RHSA-2026:8856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8860", "reference_id": "RHSA-2026:8860", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8860" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8877", "reference_id": "RHSA-2026:8877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8878", "reference_id": "RHSA-2026:8878", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8878" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8879", "reference_id": "RHSA-2026:8879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8879" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8881", "reference_id": "RHSA-2026:8881", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8881" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8882", "reference_id": "RHSA-2026:8882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8930", "reference_id": "RHSA-2026:8930", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8930" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8931", "reference_id": "RHSA-2026:8931", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8931" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8949", "reference_id": "RHSA-2026:8949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9043", "reference_id": "RHSA-2026:9043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9044", "reference_id": "RHSA-2026:9044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9052", "reference_id": "RHSA-2026:9052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9090", "reference_id": "RHSA-2026:9090", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9093", "reference_id": "RHSA-2026:9093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9094", "reference_id": "RHSA-2026:9094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9094" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9097", "reference_id": "RHSA-2026:9097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9098", "reference_id": "RHSA-2026:9098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9108", "reference_id": "RHSA-2026:9108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9109", "reference_id": "RHSA-2026:9109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9434", "reference_id": "RHSA-2026:9434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9435", "reference_id": "RHSA-2026:9435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9436", "reference_id": "RHSA-2026:9436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9439", "reference_id": "RHSA-2026:9439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9440", "reference_id": "RHSA-2026:9440", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9448", "reference_id": "RHSA-2026:9448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9453", "reference_id": "RHSA-2026:9453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9461", "reference_id": "RHSA-2026:9461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9695", "reference_id": "RHSA-2026:9695", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9695" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9742", "reference_id": "RHSA-2026:9742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9872", "reference_id": "RHSA-2026:9872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-25679" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcez-y67t-8yg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350580?format=api", "vulnerability_id": "VCID-s176-xcrb-e3ea", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0442", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04649", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04594", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04628", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04653", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04556", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06628", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00618", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00623", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00629", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342", "reference_id": "2456342", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342" }, { "reference_url": "https://go.dev/cl/763765", "reference_id": "763765", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/" } ], "url": "https://go.dev/cl/763765" }, { "reference_url": "https://go.dev/issue/78333", "reference_id": "78333", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/" } ], "url": "https://go.dev/issue/78333" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4868", "reference_id": "GO-2026-4868", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11688", "reference_id": "RHSA-2026:11688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11688" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27143" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s176-xcrb-e3ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350599?format=api", "vulnerability_id": "VCID-svbs-h3y5-wfbn", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32289.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32289.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0112", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01194", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.012", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01193", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01189", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.014", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01412", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01414", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01407", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01399", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02621", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32289" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334", "reference_id": "2456334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334" }, { "reference_url": "https://go.dev/cl/763762", "reference_id": "763762", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/" } ], "url": "https://go.dev/cl/763762" }, { "reference_url": "https://go.dev/issue/78331", "reference_id": "78331", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/" } ], "url": "https://go.dev/issue/78331" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4865", "reference_id": "GO-2026-4865", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4865" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32289" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-svbs-h3y5-wfbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350581?format=api", "vulnerability_id": "VCID-t19m-gs1u-rbfp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27144", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00294", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00308", "published_at": "2026-04-29T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00312", "published_at": "2026-04-26T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00314", "published_at": "2026-04-24T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00307", "published_at": "2026-05-05T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00687", "published_at": "2026-04-08T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00679", "published_at": "2026-04-11T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00672", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00693", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27144" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340", "reference_id": "2456340", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340" }, { "reference_url": "https://go.dev/cl/763764", "reference_id": "763764", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/" } ], "url": "https://go.dev/cl/763764" }, { "reference_url": "https://go.dev/issue/78371", "reference_id": "78371", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/" } ], "url": "https://go.dev/issue/78371" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4867", "reference_id": "GO-2026-4867", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11688", "reference_id": "RHSA-2026:11688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11688" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27144" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t19m-gs1u-rbfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350594?format=api", "vulnerability_id": "VCID-tf52-aa91-4kf3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32280.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32280.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0343", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03484", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03455", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04468", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04406", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04427", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04467", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04261", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04387", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05503", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.0045", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "reference_id": "2456339", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11688", "reference_id": "RHSA-2026:11688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13545", "reference_id": "RHSA-2026:13545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13826", "reference_id": "RHSA-2026:13826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32280" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tf52-aa91-4kf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350596?format=api", "vulnerability_id": "VCID-tmb1-tq9e-puhd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01073", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01072", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01057", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01052", "published_at": "2026-04-13T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00778", "published_at": "2026-04-16T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00766", "published_at": "2026-04-18T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00807", "published_at": "2026-04-29T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00812", "published_at": "2026-05-05T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.00811", "published_at": "2026-04-24T12:55:00Z" }, { "value": "8e-05", "scoring_system": "epss", "scoring_elements": "0.0081", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "reference_id": "2456336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336" }, { "reference_url": "https://go.dev/cl/763761", "reference_id": "763761", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/" } ], "url": "https://go.dev/cl/763761" }, { "reference_url": "https://go.dev/issue/78293", "reference_id": "78293", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/" } ], "url": "https://go.dev/issue/78293" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4864", "reference_id": "GO-2026-4864", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11408", "reference_id": "RHSA-2026:11408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11803", "reference_id": "RHSA-2026:11803", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11803" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13826", "reference_id": "RHSA-2026:13826", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13826" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32282" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmb1-tq9e-puhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/350597?format=api", "vulnerability_id": "VCID-vw1r-8zev-ykf4", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.043", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04313", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0428", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04261", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04249", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05594", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00479", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00477", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00474", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00476", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "reference_id": "0uYbvbPZRWU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU" }, { "reference_url": "https://go.dev/cl/763767", "reference_id": "763767", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/" } ], "url": "https://go.dev/cl/763767" }, { "reference_url": "https://go.dev/issue/78334", "reference_id": "78334", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/" } ], "url": "https://go.dev/issue/78334" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4870", "reference_id": "GO-2026-4870", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4870" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-32283" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vw1r-8zev-ykf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64347?format=api", "vulnerability_id": "VCID-x5ub-bfb7-nbbr", "summary": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.017", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01692", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02175", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02198", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0216", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02132", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02145", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0223", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03157", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03112", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03116", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03123", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27137" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345", "reference_id": "2445345", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345" }, { "reference_url": "https://go.dev/cl/752182", "reference_id": "752182", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://go.dev/cl/752182" }, { "reference_url": "https://go.dev/issue/77952", "reference_id": "77952", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://go.dev/issue/77952" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "reference_id": "EdhZqrQ98hk", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4599", "reference_id": "GO-2026-4599", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10125", "reference_id": "RHSA-2026:10125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10158", "reference_id": "RHSA-2026:10158", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10158" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10169", "reference_id": "RHSA-2026:10169", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10169" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10225", "reference_id": "RHSA-2026:10225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10250", "reference_id": "RHSA-2026:10250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10929", "reference_id": "RHSA-2026:10929", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10929" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11331", "reference_id": "RHSA-2026:11331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11331" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11800", "reference_id": "RHSA-2026:11800", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:11800" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13545", "reference_id": "RHSA-2026:13545", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13545" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5110", "reference_id": "RHSA-2026:5110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5549", "reference_id": "RHSA-2026:5549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:5549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8151", "reference_id": "RHSA-2026:8151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8167", "reference_id": "RHSA-2026:8167", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8337", "reference_id": "RHSA-2026:8337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8338", "reference_id": "RHSA-2026:8338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8842", "reference_id": "RHSA-2026:8842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9052", "reference_id": "RHSA-2026:9052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9052" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9385", "reference_id": "RHSA-2026:9385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9697", "reference_id": "RHSA-2026:9697", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9697" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9698", "reference_id": "RHSA-2026:9698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9699", "reference_id": "RHSA-2026:9699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9872", "reference_id": "RHSA-2026:9872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:9872" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-27137" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5ub-bfb7-nbbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23508?format=api", "vulnerability_id": "VCID-yj5c-4wbb-gbcx", "summary": "Go Images vulnerable to an out-of-memory error via a crafted TIFF file\nA maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01533", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01944", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01891", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01594", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01909", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10501", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10663", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.1066", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10641", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10616", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10483", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10602", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33809" }, { "reference_url": "https://cs.opensource.google/go/x/image", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cs.opensource.google/go/x/image" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33809" }, { "reference_url": "https://go.dev/cl/757660", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:32Z/" } ], "url": "https://go.dev/cl/757660" }, { "reference_url": "https://go.dev/issue/78267", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:32Z/" } ], "url": "https://go.dev/issue/78267" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2026-4815", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:32Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2026-4815" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437", "reference_id": "2451437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1081590?format=api", "purl": "pkg:apk/alpine/rclone@1.73.5-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" } ], "aliases": [ "CVE-2026-33809", "GHSA-44p7-9xx4-hf2g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yj5c-4wbb-gbcx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=aarch64&distroversion=edge&reponame=community" }