Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8844-hdkd-yyc7
Summarybusybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries
Aliases
0
alias CVE-2026-26158
Fixed_packages
0
url pkg:deb/debian/busybox@1:1.35.0-4%2Bdeb12u1
purl pkg:deb/debian/busybox@1:1.35.0-4%2Bdeb12u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%252Bdeb12u1
1
url pkg:deb/debian/busybox@1:1.37.0-10.1
purl pkg:deb/debian/busybox@1:1.37.0-10.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1
2
url pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie
purl pkg:deb/debian/busybox@1:1.37.0-10.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-10.1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie
purl pkg:deb/debian/busybox@1:1.30.1-6?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8844-hdkd-yyc7
1
vulnerability VCID-8r73-bpac-dubc
2
vulnerability VCID-92nk-cwc9-rkg4
3
vulnerability VCID-fugr-ve7z-efdb
4
vulnerability VCID-g5t1-3tab-uuf9
5
vulnerability VCID-jjqh-pw7r-buau
6
vulnerability VCID-n1u3-njfx-vfcp
7
vulnerability VCID-rp81-5jrg-jkht
8
vulnerability VCID-svyb-nqje-dbcs
9
vulnerability VCID-syfd-zx16-n3gy
10
vulnerability VCID-t62w-rrsb-vqgy
11
vulnerability VCID-vjyq-6k64-7fat
12
vulnerability VCID-xjbx-z3d5-5bad
13
vulnerability VCID-ytff-pgz4-tub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6%3Fdistro=trixie
1
url pkg:deb/debian/busybox@1:1.30.1-6
purl pkg:deb/debian/busybox@1:1.30.1-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4muk-rhx5-yqeu
1
vulnerability VCID-4qpt-mxfy-6bh6
2
vulnerability VCID-8844-hdkd-yyc7
3
vulnerability VCID-8r73-bpac-dubc
4
vulnerability VCID-92nk-cwc9-rkg4
5
vulnerability VCID-9fex-zr2n-w3cb
6
vulnerability VCID-9s28-b1gj-uqaj
7
vulnerability VCID-dse8-esmh-3ygm
8
vulnerability VCID-fugr-ve7z-efdb
9
vulnerability VCID-g5t1-3tab-uuf9
10
vulnerability VCID-gdfa-8gar-47gd
11
vulnerability VCID-jjqh-pw7r-buau
12
vulnerability VCID-jjxj-yf1x-4qg5
13
vulnerability VCID-mdmz-hjvu-hke3
14
vulnerability VCID-n1u3-njfx-vfcp
15
vulnerability VCID-r12h-q1dj-a7b8
16
vulnerability VCID-rp81-5jrg-jkht
17
vulnerability VCID-svyb-nqje-dbcs
18
vulnerability VCID-syfd-zx16-n3gy
19
vulnerability VCID-t62w-rrsb-vqgy
20
vulnerability VCID-tkat-gfks-kqg9
21
vulnerability VCID-v6td-yjyg-rub4
22
vulnerability VCID-vjyq-6k64-7fat
23
vulnerability VCID-vpmv-afzs-tffj
24
vulnerability VCID-xjbx-z3d5-5bad
25
vulnerability VCID-y9hd-5med-67c4
26
vulnerability VCID-ytff-pgz4-tub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.30.1-6
2
url pkg:deb/debian/busybox@1:1.35.0-4
purl pkg:deb/debian/busybox@1:1.35.0-4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8844-hdkd-yyc7
1
vulnerability VCID-9s28-b1gj-uqaj
2
vulnerability VCID-fugr-ve7z-efdb
3
vulnerability VCID-g5t1-3tab-uuf9
4
vulnerability VCID-jjqh-pw7r-buau
5
vulnerability VCID-n1u3-njfx-vfcp
6
vulnerability VCID-syfd-zx16-n3gy
7
vulnerability VCID-t62w-rrsb-vqgy
8
vulnerability VCID-v6td-yjyg-rub4
9
vulnerability VCID-xjbx-z3d5-5bad
10
vulnerability VCID-y9hd-5med-67c4
11
vulnerability VCID-ytff-pgz4-tub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4
3
url pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie
purl pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8844-hdkd-yyc7
1
vulnerability VCID-9s28-b1gj-uqaj
2
vulnerability VCID-fugr-ve7z-efdb
3
vulnerability VCID-g5t1-3tab-uuf9
4
vulnerability VCID-jjqh-pw7r-buau
5
vulnerability VCID-n1u3-njfx-vfcp
6
vulnerability VCID-syfd-zx16-n3gy
7
vulnerability VCID-t62w-rrsb-vqgy
8
vulnerability VCID-v6td-yjyg-rub4
9
vulnerability VCID-xjbx-z3d5-5bad
10
vulnerability VCID-y9hd-5med-67c4
11
vulnerability VCID-ytff-pgz4-tub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.35.0-4%3Fdistro=trixie
4
url pkg:deb/debian/busybox@1:1.37.0-6
purl pkg:deb/debian/busybox@1:1.37.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8844-hdkd-yyc7
1
vulnerability VCID-fugr-ve7z-efdb
2
vulnerability VCID-g5t1-3tab-uuf9
3
vulnerability VCID-jjqh-pw7r-buau
4
vulnerability VCID-n1u3-njfx-vfcp
5
vulnerability VCID-t62w-rrsb-vqgy
6
vulnerability VCID-ytff-pgz4-tub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6
5
url pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie
purl pkg:deb/debian/busybox@1:1.37.0-6?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8844-hdkd-yyc7
1
vulnerability VCID-fugr-ve7z-efdb
2
vulnerability VCID-g5t1-3tab-uuf9
3
vulnerability VCID-jjqh-pw7r-buau
4
vulnerability VCID-n1u3-njfx-vfcp
5
vulnerability VCID-t62w-rrsb-vqgy
6
vulnerability VCID-ytff-pgz4-tub2
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/busybox@1:1.37.0-6%3Fdistro=trixie
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26158.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26158.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26158
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00232
published_at 2026-04-13T12:55:00Z
1
value 5e-05
scoring_system epss
scoring_elements 0.0024
published_at 2026-04-02T12:55:00Z
2
value 5e-05
scoring_system epss
scoring_elements 0.00238
published_at 2026-04-07T12:55:00Z
3
value 5e-05
scoring_system epss
scoring_elements 0.00236
published_at 2026-04-08T12:55:00Z
4
value 5e-05
scoring_system epss
scoring_elements 0.00235
published_at 2026-04-09T12:55:00Z
5
value 5e-05
scoring_system epss
scoring_elements 0.00234
published_at 2026-04-18T12:55:00Z
6
value 5e-05
scoring_system epss
scoring_elements 0.00233
published_at 2026-04-16T12:55:00Z
7
value 5e-05
scoring_system epss
scoring_elements 0.00241
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26158
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26158
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26158
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127782
reference_id 1127782
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127782
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2439040
reference_id 2439040
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2439040
6
reference_url https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
reference_id archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/
url https://git.busybox.net/busybox/commit/archival?id=3fb6b31c716669e12f75a2accd31bb7685b1a1cb
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
reference_id cpe:/a:redhat:hummingbird:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
9
reference_url https://access.redhat.com/security/cve/CVE-2026-26158
reference_id CVE-2026-26158
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-12T04:55:24Z/
url https://access.redhat.com/security/cve/CVE-2026-26158
Weaknesses
0
cwe_id 73
name External Control of File Name or Path
description The product allows user input to control or influence paths or file names that are used in filesystem operations.
Exploits
Severity_range_score7.0 - 7.0
Exploitability0.5
Weighted_severity6.3
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8844-hdkd-yyc7