{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","type":"apk","namespace":"alpine","name":"rclone","version":"1.73.5-r0","qualifiers":{"arch":"x86_64","distroversion":"edge","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.74.0-r0","latest_non_vulnerable_version":"1.74.0-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350595?format=json","vulnerability_id":"VCID-245f-jhkn-w3ck","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32281.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32281.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32281","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04457","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04696","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0467","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04636","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04595","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04693","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05503","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0045","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00451","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00447","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32281"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456333","reference_id":"2456333","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456333"},{"reference_url":"https://go.dev/cl/758061","reference_id":"758061","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/"}],"url":"https://go.dev/cl/758061"},{"reference_url":"https://go.dev/issue/78281","reference_id":"78281","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/"}],"url":"https://go.dev/issue/78281"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4946","reference_id":"GO-2026-4946","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:52:37Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4946"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32281"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-245f-jhkn-w3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64344?format=json","vulnerability_id":"VCID-6a6z-bq7m-c3gf","summary":"crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27138.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27138.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27138","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05245","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05215","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05749","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05813","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05792","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05778","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05741","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05894","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09952","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09915","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.09868","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00034","scoring_system":"epss","scoring_elements":"0.0979","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27138"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445344","reference_id":"2445344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445344"},{"reference_url":"https://go.dev/cl/752183","reference_id":"752183","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/"}],"url":"https://go.dev/cl/752183"},{"reference_url":"https://go.dev/issue/77953","reference_id":"77953","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/"}],"url":"https://go.dev/issue/77953"},{"reference_url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk","reference_id":"EdhZqrQ98hk","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/"}],"url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4600","reference_id":"GO-2026-4600","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:34:15Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4600"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27138"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6a6z-bq7m-c3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23585?format=json","vulnerability_id":"VCID-6gj4-t3v3-gyhp","summary":"Denial of service in github.com/buger/jsonparser\nThe Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32285","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05903","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16264","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16269","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17069","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17129","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17176","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17201","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17144","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17054","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17223","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17045","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17009","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17005","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.1769","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/buger/jsonparser","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/buger/jsonparser"},{"reference_url":"https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0"},{"reference_url":"https://github.com/buger/jsonparser/issues/275","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/"}],"url":"https://github.com/buger/jsonparser/issues/275"},{"reference_url":"https://github.com/buger/jsonparser/pull/276","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/buger/jsonparser/pull/276"},{"reference_url":"https://github.com/buger/jsonparser/releases/tag/v1.1.2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/buger/jsonparser/releases/tag/v1.1.2"},{"reference_url":"https://github.com/golang/vulndb/issues/4514","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/"}],"url":"https://github.com/golang/vulndb/issues/4514"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32285","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32285"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4514","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-30T14:05:55Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4514"},{"reference_url":"https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451846","reference_id":"2451846","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7191","reference_id":"RHSA-2026:7191","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32285","GHSA-6g7g-w4f8-9c9x"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gj4-t3v3-gyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21187?format=json","vulnerability_id":"VCID-82wq-13vf-ufb2","summary":"CIRCL has an incorrect calculation in secp384r1 CombinedMult\nThe CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in **[v1.6.3](https://github.com/cloudflare/circl/releases/tag/v1.6.3)**.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1229","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05864","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06053","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06047","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06011","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05829","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05819","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05854","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05871","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05889","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05831","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05825","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06305","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1229"},{"reference_url":"https://github.com/cloudflare/circl","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:04:09Z/"}],"url":"https://github.com/cloudflare/circl"},{"reference_url":"https://github.com/cloudflare/circl/pull/583","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/circl/pull/583"},{"reference_url":"https://github.com/cloudflare/circl/releases/tag/v1.6.3","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/circl/releases/tag/v1.6.3"},{"reference_url":"https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1229","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1229"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-1229","GHSA-q9hv-hpm4-hj6x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82wq-13vf-ufb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64345?format=json","vulnerability_id":"VCID-8s5d-1byz-8fhz","summary":"html/template: URLs in meta content attribute actions are not escaped in html/template","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27142.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27142","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01258","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01426","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01263","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01429","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01562","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01545","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0153","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01552","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01555","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03399","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27142"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445351","reference_id":"2445351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445351"},{"reference_url":"https://go.dev/cl/752081","reference_id":"752081","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/"}],"url":"https://go.dev/cl/752081"},{"reference_url":"https://go.dev/issue/77954","reference_id":"77954","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/"}],"url":"https://go.dev/issue/77954"},{"reference_url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk","reference_id":"EdhZqrQ98hk","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/"}],"url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4603","reference_id":"GO-2026-4603","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-16T15:21:11Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4603"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5192","reference_id":"RHSA-2026:5192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27142"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s5d-1byz-8fhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350598?format=json","vulnerability_id":"VCID-91yp-p6st-8ucd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32288.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32288.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32288","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00172","published_at":"2026-05-05T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00171","published_at":"2026-04-18T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00173","published_at":"2026-04-21T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00175","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0029","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0062","published_at":"2026-04-13T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00618","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00622","published_at":"2026-04-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00813","published_at":"2026-04-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00816","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32288"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456332","reference_id":"2456332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456332"},{"reference_url":"https://go.dev/cl/763766","reference_id":"763766","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/"}],"url":"https://go.dev/cl/763766"},{"reference_url":"https://go.dev/issue/78301","reference_id":"78301","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/"}],"url":"https://go.dev/issue/78301"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4869","reference_id":"GO-2026-4869","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:05Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4869"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32288"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91yp-p6st-8ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64682?format=json","vulnerability_id":"VCID-dp1t-v58b-43du","summary":"crypto/tls: Unexpected session resumption in crypto/tls","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68121","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04012","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04026","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04029","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04044","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04068","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04041","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04541","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04583","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04353","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04361","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04493","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0452","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916","reference_id":"1125916","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125916"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917","reference_id":"1125917","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125917"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437111","reference_id":"2437111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437111"},{"reference_url":"https://go.dev/cl/737700","reference_id":"737700","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"}],"url":"https://go.dev/cl/737700"},{"reference_url":"https://go.dev/issue/77217","reference_id":"77217","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"}],"url":"https://go.dev/issue/77217"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4337","reference_id":"GO-2026-4337","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4337"},{"reference_url":"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk","reference_id":"K09ubi9FQFk","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-29T03:55:46Z/"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-20T16:05:03Z/"}],"url":"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10125","reference_id":"RHSA-2026:10125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10158","reference_id":"RHSA-2026:10158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10225","reference_id":"RHSA-2026:10225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10250","reference_id":"RHSA-2026:10250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11331","reference_id":"RHSA-2026:11331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11414","reference_id":"RHSA-2026:11414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11747","reference_id":"RHSA-2026:11747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11749","reference_id":"RHSA-2026:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12028","reference_id":"RHSA-2026:12028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12029","reference_id":"RHSA-2026:12029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12030","reference_id":"RHSA-2026:12030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12031","reference_id":"RHSA-2026:12031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12032","reference_id":"RHSA-2026:12032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12033","reference_id":"RHSA-2026:12033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13542","reference_id":"RHSA-2026:13542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2706","reference_id":"RHSA-2026:2706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2708","reference_id":"RHSA-2026:2708","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2708"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2709","reference_id":"RHSA-2026:2709","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2709"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2914","reference_id":"RHSA-2026:2914","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2914"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2920","reference_id":"RHSA-2026:2920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3035","reference_id":"RHSA-2026:3035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3040","reference_id":"RHSA-2026:3040","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3040"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3089","reference_id":"RHSA-2026:3089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3092","reference_id":"RHSA-2026:3092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3092"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3186","reference_id":"RHSA-2026:3186","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3186"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3187","reference_id":"RHSA-2026:3187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3188","reference_id":"RHSA-2026:3188","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3188"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3192","reference_id":"RHSA-2026:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3193","reference_id":"RHSA-2026:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3291","reference_id":"RHSA-2026:3291","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3291"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3297","reference_id":"RHSA-2026:3297","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3297"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3298","reference_id":"RHSA-2026:3298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3336","reference_id":"RHSA-2026:3336","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3337","reference_id":"RHSA-2026:3337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3340","reference_id":"RHSA-2026:3340","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3340"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3341","reference_id":"RHSA-2026:3341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3343","reference_id":"RHSA-2026:3343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3459","reference_id":"RHSA-2026:3459","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3459"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3506","reference_id":"RHSA-2026:3506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3556","reference_id":"RHSA-2026:3556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3559","reference_id":"RHSA-2026:3559","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3559"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3752","reference_id":"RHSA-2026:3752","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3753","reference_id":"RHSA-2026:3753","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3753"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3782","reference_id":"RHSA-2026:3782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3816","reference_id":"RHSA-2026:3816","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3816"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3817","reference_id":"RHSA-2026:3817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3831","reference_id":"RHSA-2026:3831","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3831"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3833","reference_id":"RHSA-2026:3833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3839","reference_id":"RHSA-2026:3839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3840","reference_id":"RHSA-2026:3840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3842","reference_id":"RHSA-2026:3842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3843","reference_id":"RHSA-2026:3843","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3855","reference_id":"RHSA-2026:3855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3864","reference_id":"RHSA-2026:3864","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3874","reference_id":"RHSA-2026:3874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3884","reference_id":"RHSA-2026:3884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3898","reference_id":"RHSA-2026:3898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3898"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3928","reference_id":"RHSA-2026:3928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3929","reference_id":"RHSA-2026:3929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3970","reference_id":"RHSA-2026:3970","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3970"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3971","reference_id":"RHSA-2026:3971","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3971"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3977","reference_id":"RHSA-2026:3977","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3977"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3985","reference_id":"RHSA-2026:3985","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3985"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4164","reference_id":"RHSA-2026:4164","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4166","reference_id":"RHSA-2026:4166","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4170","reference_id":"RHSA-2026:4170","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4170"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4174","reference_id":"RHSA-2026:4174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4177","reference_id":"RHSA-2026:4177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4220","reference_id":"RHSA-2026:4220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4256","reference_id":"RHSA-2026:4256","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4256"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4264","reference_id":"RHSA-2026:4264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4267","reference_id":"RHSA-2026:4267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4270","reference_id":"RHSA-2026:4270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4270"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4466","reference_id":"RHSA-2026:4466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4467","reference_id":"RHSA-2026:4467","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4467"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4498","reference_id":"RHSA-2026:4498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4500","reference_id":"RHSA-2026:4500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4672","reference_id":"RHSA-2026:4672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4892","reference_id":"RHSA-2026:4892","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4892"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4901","reference_id":"RHSA-2026:4901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4907","reference_id":"RHSA-2026:4907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4952","reference_id":"RHSA-2026:4952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5077","reference_id":"RHSA-2026:5077","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5077"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5110","reference_id":"RHSA-2026:5110","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5129","reference_id":"RHSA-2026:5129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5130","reference_id":"RHSA-2026:5130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5131","reference_id":"RHSA-2026:5131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5132","reference_id":"RHSA-2026:5132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5132"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5133","reference_id":"RHSA-2026:5133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5146","reference_id":"RHSA-2026:5146","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5146"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5394","reference_id":"RHSA-2026:5394","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5394"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5452","reference_id":"RHSA-2026:5452","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5452"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5549","reference_id":"RHSA-2026:5549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5636","reference_id":"RHSA-2026:5636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5645","reference_id":"RHSA-2026:5645","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5645"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5851","reference_id":"RHSA-2026:5851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5866","reference_id":"RHSA-2026:5866","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5876","reference_id":"RHSA-2026:5876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5878","reference_id":"RHSA-2026:5878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5907","reference_id":"RHSA-2026:5907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5948","reference_id":"RHSA-2026:5948","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5948"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5950","reference_id":"RHSA-2026:5950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5952","reference_id":"RHSA-2026:5952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6192","reference_id":"RHSA-2026:6192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6226","reference_id":"RHSA-2026:6226","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6226"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6277","reference_id":"RHSA-2026:6277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6278","reference_id":"RHSA-2026:6278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6428","reference_id":"RHSA-2026:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6429","reference_id":"RHSA-2026:6429","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6429"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6552","reference_id":"RHSA-2026:6552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7052","reference_id":"RHSA-2026:7052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7854","reference_id":"RHSA-2026:7854","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7885","reference_id":"RHSA-2026:7885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8151","reference_id":"RHSA-2026:8151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8167","reference_id":"RHSA-2026:8167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8218","reference_id":"RHSA-2026:8218","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8218"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8337","reference_id":"RHSA-2026:8337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8338","reference_id":"RHSA-2026:8338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8433","reference_id":"RHSA-2026:8433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9097","reference_id":"RHSA-2026:9097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9098","reference_id":"RHSA-2026:9098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9108","reference_id":"RHSA-2026:9108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9109","reference_id":"RHSA-2026:9109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9848","reference_id":"RHSA-2026:9848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9848"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2025-68121"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dp1t-v58b-43du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350604?format=json","vulnerability_id":"VCID-gtys-5r5h-p7ht","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33810.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33810","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01216","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.014","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01409","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01404","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01399","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01389","published_at":"2026-04-21T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00274","published_at":"2026-04-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00212","published_at":"2026-04-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00211","published_at":"2026-04-13T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00276","published_at":"2026-04-08T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00967","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33810"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456335","reference_id":"2456335","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456335"},{"reference_url":"https://go.dev/cl/763763","reference_id":"763763","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/"}],"url":"https://go.dev/cl/763763"},{"reference_url":"https://go.dev/issue/78332","reference_id":"78332","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/"}],"url":"https://go.dev/issue/78332"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4866","reference_id":"GO-2026-4866","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:57Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10155","reference_id":"RHSA-2026:10155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10158","reference_id":"RHSA-2026:10158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11330","reference_id":"RHSA-2026:11330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11331","reference_id":"RHSA-2026:11331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-33810"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gtys-5r5h-p7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64403?format=json","vulnerability_id":"VCID-h4tn-wydf-mydg","summary":"golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27141.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27141.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27141","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0593","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05946","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06023","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05998","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05963","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06125","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.0617","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06178","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05962","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.05985","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06439","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27141"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443104","reference_id":"2443104","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443104"},{"reference_url":"https://go.dev/cl/746180","reference_id":"746180","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/"}],"url":"https://go.dev/cl/746180"},{"reference_url":"https://go.dev/issue/77652","reference_id":"77652","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/"}],"url":"https://go.dev/issue/77652"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27141","reference_id":"CVE-2026-27141","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27141"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4559","reference_id":"GO-2026-4559","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-27T19:11:24Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27141"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4tn-wydf-mydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350579?format=json","vulnerability_id":"VCID-ju53-xpej-3qca","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27140.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27140.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27140","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02635","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02748","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02776","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02722","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02735","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02746","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05345","published_at":"2026-04-16T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00649","published_at":"2026-04-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00644","published_at":"2026-04-12T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00655","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00646","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27140"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456341","reference_id":"2456341","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456341"},{"reference_url":"https://go.dev/cl/763768","reference_id":"763768","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/"}],"url":"https://go.dev/cl/763768"},{"reference_url":"https://go.dev/issue/78335","reference_id":"78335","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/"}],"url":"https://go.dev/issue/78335"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4871","reference_id":"GO-2026-4871","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-09T03:55:58Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4871"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27140"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ju53-xpej-3qca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23784?format=json","vulnerability_id":"VCID-mhf1-8kyt-pbbx","summary":"gRPC-Go has an authorization bypass via missing leading slash in :path\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nIt is an **Authorization Bypass** resulting from **Improper Input Validation** of the HTTP/2 `:path` pseudo-header.\n\nThe gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present.\n\n**Who is impacted?**\nThis affects gRPC-Go servers that meet both of the following criteria:\n1. They use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`.\n2. Their security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule).\n\nThe vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nYes, the issue has been patched. The fix ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string.\n\nUsers should upgrade to the following versions (or newer):\n* **v1.79.3**\n* The latest **master** branch.\n\nIt is recommended that all users employing path-based authorization (especially `grpc/authz`) upgrade as soon as the patch is available in a tagged release.\n\n### Workarounds\n_Is there a way for users to fix or remediate the vulnerability without upgrading?_\n\nWhile upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods:\n\n#### 1. Use a Validating Interceptor (Recommended Mitigation)\nAdd an \"outermost\" interceptor to your server that validates the path before any other authorization logic runs:\n\n```go\nfunc pathValidationInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error) {\n    if info.FullMethod == \"\" || info.FullMethod[0] != '/' {\n        return nil, status.Errorf(codes.Unimplemented, \"malformed method name\")\n    }   \n    return handler(ctx, req)\n}\n\n// Ensure this is the FIRST interceptor in your chain\ns := grpc.NewServer(\n    grpc.ChainUnaryInterceptor(pathValidationInterceptor, authzInterceptor),\n)\n```\n\n#### 2. Infrastructure-Level Normalization\nIf your gRPC server is behind a reverse proxy or load balancer (such as Envoy, NGINX, or an L7 Cloud Load Balancer), ensure it is configured to enforce strict HTTP/2 compliance for pseudo-headers and reject or normalize requests where the `:path` header does not start with a leading slash.\n\n#### 3. Policy Hardening\nSwitch to a \"default deny\" posture in your authorization policies (explicitly listing all allowed paths and denying everything else) to reduce the risk of bypasses via malformed inputs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33186.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33186.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33186","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02582","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02609","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02579","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02588","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03421","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0337","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03393","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05367","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05377","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05376","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06296","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33186"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/grpc/grpc-go","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/grpc/grpc-go"},{"reference_url":"https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:08:38Z/"}],"url":"https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33186","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33186"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132228","reference_id":"1132228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132228"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449833","reference_id":"2449833","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10093","reference_id":"RHSA-2026:10093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10094","reference_id":"RHSA-2026:10094","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10094"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10105","reference_id":"RHSA-2026:10105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10107","reference_id":"RHSA-2026:10107","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10107"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10125","reference_id":"RHSA-2026:10125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10126","reference_id":"RHSA-2026:10126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10130","reference_id":"RHSA-2026:10130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10131","reference_id":"RHSA-2026:10131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10153","reference_id":"RHSA-2026:10153","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10153"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10155","reference_id":"RHSA-2026:10155","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10158","reference_id":"RHSA-2026:10158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10172","reference_id":"RHSA-2026:10172","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10172"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10698","reference_id":"RHSA-2026:10698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10705","reference_id":"RHSA-2026:10705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10706","reference_id":"RHSA-2026:10706","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10706"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11070","reference_id":"RHSA-2026:11070","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11070"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11217","reference_id":"RHSA-2026:11217","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11330","reference_id":"RHSA-2026:11330","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11330"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11331","reference_id":"RHSA-2026:11331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11408","reference_id":"RHSA-2026:11408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11803","reference_id":"RHSA-2026:11803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11856","reference_id":"RHSA-2026:11856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11916","reference_id":"RHSA-2026:11916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11996","reference_id":"RHSA-2026:11996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12116","reference_id":"RHSA-2026:12116","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12116"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12277","reference_id":"RHSA-2026:12277","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12277"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12279","reference_id":"RHSA-2026:12279","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12279"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12337","reference_id":"RHSA-2026:12337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13548","reference_id":"RHSA-2026:13548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13791","reference_id":"RHSA-2026:13791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13829","reference_id":"RHSA-2026:13829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6174","reference_id":"RHSA-2026:6174","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6174"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6428","reference_id":"RHSA-2026:6428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6564","reference_id":"RHSA-2026:6564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6802","reference_id":"RHSA-2026:6802","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7110","reference_id":"RHSA-2026:7110","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7128","reference_id":"RHSA-2026:7128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7245","reference_id":"RHSA-2026:7245","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7245"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8151","reference_id":"RHSA-2026:8151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8338","reference_id":"RHSA-2026:8338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8433","reference_id":"RHSA-2026:8433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8449","reference_id":"RHSA-2026:8449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8449"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9388","reference_id":"RHSA-2026:9388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9440","reference_id":"RHSA-2026:9440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9448","reference_id":"RHSA-2026:9448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9453","reference_id":"RHSA-2026:9453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9872","reference_id":"RHSA-2026:9872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-33186","GHSA-p77j-4mvh-x3m3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhf1-8kyt-pbbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/354100?format=json","vulnerability_id":"VCID-nqrd-gp43-g7dw","summary":"RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution\n### Summary\nThe RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication.\n\n### Preconditions\n\nPreconditions for this vulnerability are:\n\n- The rclone remote control API **must** be enabled, either by the `--rc` flag or by running the `rclone rcd` server\n- The remote control API **must** be reachable by the attacker - by default rclone only serves the rc to localhost unless the `--rc-addr` flag is in use\n- The rc must have been deployed **without** global RC HTTP authentication - so not using `--rc-user`/`--rc-pass`/`--rc-htpasswd`/etc\n\n\n### Details\nThe root cause consists of the following pieces:\n\n1. `operations/fsinfo` is not protected with `AuthRequired: true`\n2. `operations/fsinfo` calls `rc.GetFs(...)` on attacker-controlled input\n3. `rc.GetFs(...)` supports inline backend creation through object-valued `fs`\n4. WebDAV backend initialization executes `bearer_token_command`\n\nRelevant code paths:\n\n- [`fs/operations/rc.go`](https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go)\n  - `operations/fsinfo` is registered without `AuthRequired: true`\n  - `rcFsInfo()` calls `rc.GetFs(ctx, in)`\n\n- [`fs/rc/cache.go`](https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go)\n  - `GetFs()` / `GetFsNamed()` can parse an object-valued `fs`\n  - `getConfigMap()` converts attacker-controlled JSON into a backend config string\n\n- [`backend/webdav/webdav.go`](https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go)\n  - `bearer_token_command` is a supported backend option\n  - `NewFs(...)` calls `fetchAndSetBearerToken()` when `bearer_token_command` is set\n  - `fetchBearerToken()` invokes `exec.Command(...)`\n\nThis creates a practical single-request unauthenticated command-execution primitive on reachable RC servers without global HTTP authentication.\n\nThis was alidated on:\n- current `master` as of 2026-04-14: `bf55d5e6d37fd86164a87782191f9e1ffcaafa82`\n- latest public release tested locally: `v1.73.4`\n\nThis was also validated on a public amd64 Ubuntu host controlled by the tester, using direct host execution (not containerized PoC execution).\n\n### PoC\n#### Minimal single-request form PoC\nStart a vulnerable RC server:\n\n```bash\nrclone rcd --rc-addr 127.0.0.1:5572\n```\n\nNo `--rc-user`, no `--rc-pass`, no `--rc-htpasswd`.\n\nThen send a single request:\n\n```bash\ncurl -sS -X POST http://127.0.0.1:5572/operations/fsinfo \\\n  --data-urlencode \"fs=:webdav,url='http://127.0.0.1/',vendor=other,bearer_token_command='/usr/bin/touch /tmp/rclone_fsinfo_rce_poc_marker':\"\n```\n\nExpected result:\n- HTTP 200 JSON response from `operations/fsinfo`\n- `/tmp/rclone_fsinfo_rce_poc_marker` is created on the host\n\n### Impact\nThis is effectively a single-request unauthenticated command-execution vulnerability on reachable RC deployments without global HTTP authentication.\n\nIn practice, command execution in the rclone process context can lead to higher-impact outcomes such as local file read, file write, or shell access, depending on the deployed environment.\n\n#### Testing performed\nThis was successfully reproduced:\n- on a local test environment\n- on a public amd64 Ubuntu host controlled by the tester\n\nOn the public host it was confirmed:\n\n- the unauthenticated `operations/fsinfo` exploit worked\n- command execution occurred on the host\n- the issue was reproducible through direct host execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41179.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41179.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41179","reference_id":"","reference_type":"","scores":[{"value":"0.05976","scoring_system":"epss","scoring_elements":"0.90692","published_at":"2026-04-26T12:55:00Z"},{"value":"0.09603","scoring_system":"epss","scoring_elements":"0.92904","published_at":"2026-05-05T12:55:00Z"},{"value":"0.09603","scoring_system":"epss","scoring_elements":"0.92896","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41179","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41179"},{"reference_url":"https://github.com/rclone/rclone","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rclone/rclone"},{"reference_url":"https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q","reference_id":"","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/"}],"url":"https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134735","reference_id":"1134735","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134735"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460988","reference_id":"2460988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460988"},{"reference_url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go","reference_id":"cache.go","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/"}],"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go"},{"reference_url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go","reference_id":"rc.go","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/"}],"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go"},{"reference_url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go","reference_id":"webdav.go","reference_type":"","scores":[{"value":"9.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-27T13:33:03Z/"}],"url":"https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-41179","GHSA-jfwf-28xr-xw6q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqrd-gp43-g7dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64346?format=json","vulnerability_id":"VCID-pcez-y67t-8yg3","summary":"net/url: Incorrect parsing of IPv6 host literals in net/url","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25679.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25679.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25679","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08768","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09672","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09743","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09793","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09802","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09771","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0964","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09612","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.15881","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15973","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.15853","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16017","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16013","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25679"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445356","reference_id":"2445356","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445356"},{"reference_url":"https://go.dev/cl/752180","reference_id":"752180","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/"}],"url":"https://go.dev/cl/752180"},{"reference_url":"https://go.dev/issue/77578","reference_id":"77578","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/"}],"url":"https://go.dev/issue/77578"},{"reference_url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk","reference_id":"EdhZqrQ98hk","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/"}],"url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4601","reference_id":"GO-2026-4601","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:36:26Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10065","reference_id":"RHSA-2026:10065","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10065"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10125","reference_id":"RHSA-2026:10125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10133","reference_id":"RHSA-2026:10133","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10140","reference_id":"RHSA-2026:10140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10141","reference_id":"RHSA-2026:10141","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10141"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10158","reference_id":"RHSA-2026:10158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10169","reference_id":"RHSA-2026:10169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10225","reference_id":"RHSA-2026:10225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10250","reference_id":"RHSA-2026:10250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10701","reference_id":"RHSA-2026:10701","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10701"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10712","reference_id":"RHSA-2026:10712","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10712"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10929","reference_id":"RHSA-2026:10929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11331","reference_id":"RHSA-2026:11331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11375","reference_id":"RHSA-2026:11375","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11375"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11412","reference_id":"RHSA-2026:11412","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11412"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11413","reference_id":"RHSA-2026:11413","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11413"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11686","reference_id":"RHSA-2026:11686","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11686"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11688","reference_id":"RHSA-2026:11688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11747","reference_id":"RHSA-2026:11747","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11747"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11749","reference_id":"RHSA-2026:11749","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11749"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11768","reference_id":"RHSA-2026:11768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11800","reference_id":"RHSA-2026:11800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11856","reference_id":"RHSA-2026:11856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11916","reference_id":"RHSA-2026:11916","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11996","reference_id":"RHSA-2026:11996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12028","reference_id":"RHSA-2026:12028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12029","reference_id":"RHSA-2026:12029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12029"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12030","reference_id":"RHSA-2026:12030","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12030"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12031","reference_id":"RHSA-2026:12031","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12031"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12032","reference_id":"RHSA-2026:12032","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12032"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12033","reference_id":"RHSA-2026:12033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13508","reference_id":"RHSA-2026:13508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13512","reference_id":"RHSA-2026:13512","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13512"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13642","reference_id":"RHSA-2026:13642","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13642"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13643","reference_id":"RHSA-2026:13643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13671","reference_id":"RHSA-2026:13671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5110","reference_id":"RHSA-2026:5110","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5549","reference_id":"RHSA-2026:5549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5941","reference_id":"RHSA-2026:5941","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5941"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5942","reference_id":"RHSA-2026:5942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5943","reference_id":"RHSA-2026:5943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5944","reference_id":"RHSA-2026:5944","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5944"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6341","reference_id":"RHSA-2026:6341","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6341"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6344","reference_id":"RHSA-2026:6344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6382","reference_id":"RHSA-2026:6382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6383","reference_id":"RHSA-2026:6383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6388","reference_id":"RHSA-2026:6388","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6388"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6564","reference_id":"RHSA-2026:6564","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6564"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6720","reference_id":"RHSA-2026:6720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6802","reference_id":"RHSA-2026:6802","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6949","reference_id":"RHSA-2026:6949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7005","reference_id":"RHSA-2026:7005","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7005"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7009","reference_id":"RHSA-2026:7009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7011","reference_id":"RHSA-2026:7011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7259","reference_id":"RHSA-2026:7259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7315","reference_id":"RHSA-2026:7315","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7328","reference_id":"RHSA-2026:7328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7665","reference_id":"RHSA-2026:7665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7669","reference_id":"RHSA-2026:7669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7674","reference_id":"RHSA-2026:7674","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7674"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7833","reference_id":"RHSA-2026:7833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7834","reference_id":"RHSA-2026:7834","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7834"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7876","reference_id":"RHSA-2026:7876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7877","reference_id":"RHSA-2026:7877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7878","reference_id":"RHSA-2026:7878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7879","reference_id":"RHSA-2026:7879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7883","reference_id":"RHSA-2026:7883","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7883"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7992","reference_id":"RHSA-2026:7992","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7992"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8151","reference_id":"RHSA-2026:8151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8167","reference_id":"RHSA-2026:8167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8314","reference_id":"RHSA-2026:8314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8322","reference_id":"RHSA-2026:8322","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8322"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8324","reference_id":"RHSA-2026:8324","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8337","reference_id":"RHSA-2026:8337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8338","reference_id":"RHSA-2026:8338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8433","reference_id":"RHSA-2026:8433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8434","reference_id":"RHSA-2026:8434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8456","reference_id":"RHSA-2026:8456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8483","reference_id":"RHSA-2026:8483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8484","reference_id":"RHSA-2026:8484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8490","reference_id":"RHSA-2026:8490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8491","reference_id":"RHSA-2026:8491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8493","reference_id":"RHSA-2026:8493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8840","reference_id":"RHSA-2026:8840","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8840"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8841","reference_id":"RHSA-2026:8841","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8841"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8842","reference_id":"RHSA-2026:8842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8845","reference_id":"RHSA-2026:8845","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8847","reference_id":"RHSA-2026:8847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8848","reference_id":"RHSA-2026:8848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8849","reference_id":"RHSA-2026:8849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8851","reference_id":"RHSA-2026:8851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8852","reference_id":"RHSA-2026:8852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8853","reference_id":"RHSA-2026:8853","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8855","reference_id":"RHSA-2026:8855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8856","reference_id":"RHSA-2026:8856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8860","reference_id":"RHSA-2026:8860","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8877","reference_id":"RHSA-2026:8877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8878","reference_id":"RHSA-2026:8878","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8879","reference_id":"RHSA-2026:8879","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8881","reference_id":"RHSA-2026:8881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8882","reference_id":"RHSA-2026:8882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8930","reference_id":"RHSA-2026:8930","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8930"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8931","reference_id":"RHSA-2026:8931","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8931"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8949","reference_id":"RHSA-2026:8949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9043","reference_id":"RHSA-2026:9043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9043"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9044","reference_id":"RHSA-2026:9044","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9044"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9052","reference_id":"RHSA-2026:9052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9090","reference_id":"RHSA-2026:9090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9093","reference_id":"RHSA-2026:9093","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9093"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9094","reference_id":"RHSA-2026:9094","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9094"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9097","reference_id":"RHSA-2026:9097","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9098","reference_id":"RHSA-2026:9098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9108","reference_id":"RHSA-2026:9108","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9108"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9109","reference_id":"RHSA-2026:9109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9434","reference_id":"RHSA-2026:9434","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9434"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9435","reference_id":"RHSA-2026:9435","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9435"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9436","reference_id":"RHSA-2026:9436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9439","reference_id":"RHSA-2026:9439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9440","reference_id":"RHSA-2026:9440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9448","reference_id":"RHSA-2026:9448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9453","reference_id":"RHSA-2026:9453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9461","reference_id":"RHSA-2026:9461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9695","reference_id":"RHSA-2026:9695","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9695"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9742","reference_id":"RHSA-2026:9742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9742"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9872","reference_id":"RHSA-2026:9872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-25679"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcez-y67t-8yg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350580?format=json","vulnerability_id":"VCID-s176-xcrb-e3ea","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27143.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27143","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0442","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04649","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04594","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04628","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04653","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04556","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06628","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0062","published_at":"2026-04-13T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00618","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00622","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00623","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00629","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456342","reference_id":"2456342","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456342"},{"reference_url":"https://go.dev/cl/763765","reference_id":"763765","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/"}],"url":"https://go.dev/cl/763765"},{"reference_url":"https://go.dev/issue/78333","reference_id":"78333","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/"}],"url":"https://go.dev/issue/78333"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4868","reference_id":"GO-2026-4868","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:50:24Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11688","reference_id":"RHSA-2026:11688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27143"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s176-xcrb-e3ea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350599?format=json","vulnerability_id":"VCID-svbs-h3y5-wfbn","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32289.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32289","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.0112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01194","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.012","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01193","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.014","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01412","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01414","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01407","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02621","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32289"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456334","reference_id":"2456334","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456334"},{"reference_url":"https://go.dev/cl/763762","reference_id":"763762","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/"}],"url":"https://go.dev/cl/763762"},{"reference_url":"https://go.dev/issue/78331","reference_id":"78331","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/"}],"url":"https://go.dev/issue/78331"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4865","reference_id":"GO-2026-4865","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:48:22Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4865"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32289"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svbs-h3y5-wfbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350581?format=json","vulnerability_id":"VCID-t19m-gs1u-rbfp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27144.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27144.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27144","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00294","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00308","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00312","published_at":"2026-04-26T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00314","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00313","published_at":"2026-04-21T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00307","published_at":"2026-05-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00687","published_at":"2026-04-08T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00679","published_at":"2026-04-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00672","published_at":"2026-04-13T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00693","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456340","reference_id":"2456340","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456340"},{"reference_url":"https://go.dev/cl/763764","reference_id":"763764","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/"}],"url":"https://go.dev/cl/763764"},{"reference_url":"https://go.dev/issue/78371","reference_id":"78371","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/"}],"url":"https://go.dev/issue/78371"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4867","reference_id":"GO-2026-4867","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:49:47Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11688","reference_id":"RHSA-2026:11688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11688"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27144"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t19m-gs1u-rbfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350594?format=json","vulnerability_id":"VCID-tf52-aa91-4kf3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32280.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32280.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32280","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0343","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03529","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03484","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03455","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04468","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04406","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04427","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04467","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04261","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04387","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05503","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0045","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456339","reference_id":"2456339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11688","reference_id":"RHSA-2026:11688","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32280"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tf52-aa91-4kf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350596?format=json","vulnerability_id":"VCID-tmb1-tq9e-puhd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32282.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32282","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01073","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01072","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01057","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01052","published_at":"2026-04-13T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00778","published_at":"2026-04-16T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00766","published_at":"2026-04-18T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00807","published_at":"2026-04-29T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00812","published_at":"2026-05-05T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00811","published_at":"2026-04-24T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.0081","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456336","reference_id":"2456336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456336"},{"reference_url":"https://go.dev/cl/763761","reference_id":"763761","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/"}],"url":"https://go.dev/cl/763761"},{"reference_url":"https://go.dev/issue/78293","reference_id":"78293","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/"}],"url":"https://go.dev/issue/78293"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4864","reference_id":"GO-2026-4864","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-13T17:47:42Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11408","reference_id":"RHSA-2026:11408","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11803","reference_id":"RHSA-2026:11803","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13826","reference_id":"RHSA-2026:13826","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13826"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32282"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmb1-tq9e-puhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350597?format=json","vulnerability_id":"VCID-vw1r-8zev-ykf4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32283","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03145","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.043","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0428","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04261","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04249","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05594","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00479","published_at":"2026-04-08T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00477","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00474","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00476","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU","reference_id":"0uYbvbPZRWU","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/"}],"url":"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"},{"reference_url":"https://go.dev/cl/763767","reference_id":"763767","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/"}],"url":"https://go.dev/cl/763767"},{"reference_url":"https://go.dev/issue/78334","reference_id":"78334","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/"}],"url":"https://go.dev/issue/78334"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4870","reference_id":"GO-2026-4870","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-13T17:51:46Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4870"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-32283"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vw1r-8zev-ykf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64347?format=json","vulnerability_id":"VCID-x5ub-bfb7-nbbr","summary":"crypto/x509: Incorrect enforcement of email constraints in crypto/x509","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27137.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27137.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27137","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.017","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02177","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02198","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0216","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02132","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02145","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0223","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03157","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03112","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03116","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03123","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27137"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445345","reference_id":"2445345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445345"},{"reference_url":"https://go.dev/cl/752182","reference_id":"752182","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/"}],"url":"https://go.dev/cl/752182"},{"reference_url":"https://go.dev/issue/77952","reference_id":"77952","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/"}],"url":"https://go.dev/issue/77952"},{"reference_url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk","reference_id":"EdhZqrQ98hk","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/"}],"url":"https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4599","reference_id":"GO-2026-4599","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T13:32:09Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10125","reference_id":"RHSA-2026:10125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10158","reference_id":"RHSA-2026:10158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10169","reference_id":"RHSA-2026:10169","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10225","reference_id":"RHSA-2026:10225","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10250","reference_id":"RHSA-2026:10250","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10929","reference_id":"RHSA-2026:10929","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11331","reference_id":"RHSA-2026:11331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:11800","reference_id":"RHSA-2026:11800","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:11800"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13545","reference_id":"RHSA-2026:13545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5110","reference_id":"RHSA-2026:5110","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5549","reference_id":"RHSA-2026:5549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8151","reference_id":"RHSA-2026:8151","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8151"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8167","reference_id":"RHSA-2026:8167","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8337","reference_id":"RHSA-2026:8337","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8338","reference_id":"RHSA-2026:8338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8842","reference_id":"RHSA-2026:8842","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9052","reference_id":"RHSA-2026:9052","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9052"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9385","reference_id":"RHSA-2026:9385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9697","reference_id":"RHSA-2026:9697","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9697"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9698","reference_id":"RHSA-2026:9698","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9698"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9699","reference_id":"RHSA-2026:9699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9699"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:9872","reference_id":"RHSA-2026:9872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:9872"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-27137"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5ub-bfb7-nbbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23508?format=json","vulnerability_id":"VCID-yj5c-4wbb-gbcx","summary":"Go Images vulnerable to an out-of-memory error via a crafted TIFF file\nA maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33809.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33809","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01533","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01944","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01891","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01594","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01909","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10501","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10663","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10527","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1066","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10673","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10641","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10616","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10483","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10602","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33809"},{"reference_url":"https://cs.opensource.google/go/x/image","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cs.opensource.google/go/x/image"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33809","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33809"},{"reference_url":"https://go.dev/cl/757660","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:32Z/"}],"url":"https://go.dev/cl/757660"},{"reference_url":"https://go.dev/issue/78267","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:32Z/"}],"url":"https://go.dev/issue/78267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33809","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33809"},{"reference_url":"https://pkg.go.dev/vuln/GO-2026-4815","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-25T20:05:32Z/"}],"url":"https://pkg.go.dev/vuln/GO-2026-4815"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451437","reference_id":"2451437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451437"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081598?format=json","purl":"pkg:apk/alpine/rclone@1.73.5-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}],"aliases":["CVE-2026-33809","GHSA-44p7-9xx4-hf2g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yj5c-4wbb-gbcx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/rclone@1.73.5-r0%3Farch=x86_64&distroversion=edge&reponame=community"}