Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:golang/github.com/flannel-io/flannel@0.28.2
Typegolang
Namespacegithub.com/flannel-io
Nameflannel
Version0.28.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-84qq-y898-k7da
vulnerability_id VCID-84qq-y898-k7da
summary Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that allows an attacker who can set Kubernetes Node annotations to achieve root-level arbitrary command execution on every flannel node in the cluster. The Extension backend's SubnetAddCommand and SubnetRemoveCommand receive attacker-controlled data via stdin (from the `flannel.alpha.coreos.com/backend-data` Node annotation). The content of this annotation is unmarshalled and piped directly to a shell command without checks. Kubernetes clusters using Flannel with the Extension backend are affected by this vulnerability. Other backends such as vxlan and wireguard are unaffected. The vulnerability is fixed in version v0.28.2. As a workaround, use Flannel with another backend such as vxlan or wireguard.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32241
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18426
published_at 2026-06-14T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18449
published_at 2026-06-13T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18428
published_at 2026-06-12T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.18265
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32241
1
reference_url https://github.com/flannel-io/flannel
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/flannel-io/flannel
2
reference_url https://github.com/flannel-io/flannel/commit/08bc9a4c990ae785d2fcb448f4991b58485cd26a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/flannel-io/flannel/commit/08bc9a4c990ae785d2fcb448f4991b58485cd26a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32241
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32241
4
reference_url https://github.com/flannel-io/flannel/security/advisories/GHSA-vchx-5pr6-ffx2
reference_id GHSA-vchx-5pr6-ffx2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T18:51:18Z/
url https://github.com/flannel-io/flannel/security/advisories/GHSA-vchx-5pr6-ffx2
5
reference_url https://github.com/flannel-io/flannel/releases/tag/v0.28.2
reference_id v0.28.2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-31T18:51:18Z/
url https://github.com/flannel-io/flannel/releases/tag/v0.28.2
fixed_packages
0
url pkg:golang/github.com/flannel-io/flannel@0.28.2
purl pkg:golang/github.com/flannel-io/flannel@0.28.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/flannel-io/flannel@0.28.2
aliases CVE-2026-32241, GHSA-vchx-5pr6-ffx2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84qq-y898-k7da
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:golang/github.com/flannel-io/flannel@0.28.2