Search criteria

230 vulnerabilities

CVE-2026-44935 (GCVE-0-2026-44935)

Vulnerability from cvelistv5 – Published: 2026-07-02 16:00 – Updated: 2026-07-03 03:56
VLAI?
Title
Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer
Summary
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
CWE
  • CWE-1287 - Improper validation of specified type of input
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 0.15.0 , < 0.15.2 (semver)
Affected: 0.14.0 , < 0.14.6 (semver)
Affected: 0.13.0 , < 0.13.11 (semver)
Affected: 0.12.0 , < 0.12.15 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-03T03:56:15.397Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Fleett",
          "product": "Rancher",
          "repo": "https://github.com/rancher/fleet/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.15.2",
              "status": "affected",
              "version": "0.15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.14.6",
              "status": "affected",
              "version": "0.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.13.11",
              "status": "affected",
              "version": "0.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.12.15",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-05-28T15:26:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cbr\u003eMissing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.\u003c/div\u003e"
            }
          ],
          "value": "Missing validation of \"valuesFrom\" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1287",
              "description": "CWE-1287 Improper validation of specified type of input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T16:01:11.745Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/fleet/security/advisories/GHSA-xr65-5cpm-g36x"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44935",
    "datePublished": "2026-07-02T16:00:06.751Z",
    "dateReserved": "2026-05-08T12:29:48.967Z",
    "dateUpdated": "2026-07-03T03:56:15.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44941 (GCVE-0-2026-44941)

Vulnerability from cvelistv5 – Published: 2026-07-02 15:19 – Updated: 2026-07-03 03:56
VLAI?
Title
libzypp path traversal via "keyhint" in repomd.xml
Summary
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
CWE
  • CWE-23 - Relative path traversal
Assigner
Impacted products
Vendor Product Version
SUSE libzypp Affected: 0 , < 17.38.12 (rpm)
Create a notification for this product.
Credits
Trung Nguyen <trungnh@cystack.net>
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44941",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-03T03:56:13.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1267426"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "libzypp",
          "product": "libzypp",
          "repo": "https://github.com/openSUSE/libzypp/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "17.38.12",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Trung Nguyen \u003ctrungnh@cystack.net\u003e"
        }
      ],
      "datePublic": "2026-06-05T15:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."
            }
          ],
          "value": "A relative path traversal in the \"keyhint\" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative path traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T15:19:05.302Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1267426"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openSUSE/libzypp/commit/294b1bad442d089ca671c5c03adc8031e3b29e04"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "libzypp path traversal via \"keyhint\" in repomd.xml",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44941",
    "datePublished": "2026-07-02T15:19:05.302Z",
    "dateReserved": "2026-05-08T12:29:48.968Z",
    "dateUpdated": "2026-07-03T03:56:13.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-56004 (GCVE-0-2026-56004)

Vulnerability from cvelistv5 – Published: 2026-07-02 14:54 – Updated: 2026-07-02 16:11
VLAI?
Title
obs-service-tar_scm: command injection via mercurial handler
Summary
A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services
CWE
  • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
Impacted products
Vendor Product Version
openSUSE buildservice Affected: 0 , < 0.12.4 (rpm)
Create a notification for this product.
Credits
Maxime Rinaudo of Fenrisk (www.fenrisk.com <http://www.fenrisk.com>)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-02T16:11:22.259324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T16:11:28.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "obs-service-tar_scm",
          "product": "buildservice",
          "repo": "https://github.com/openSUSE/obs-service-tar_scm",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThan": "0.12.4",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Maxime Rinaudo of Fenrisk (www.fenrisk.com \u003chttp://www.fenrisk.com\u003e)"
        }
      ],
      "datePublic": "2026-07-01T13:04:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services"
            }
          ],
          "value": "A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service or the local user checking out the malicious services"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-02T15:21:08.665Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openSUSE/obs-service-tar_scm/pull/552/changes/bcf29d318c671c45fe87dd9f995a4a0c78ecedd7"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "obs-service-tar_scm: command injection via mercurial handler",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-56004",
    "datePublished": "2026-07-02T14:54:02.119Z",
    "dateReserved": "2026-06-18T09:26:55.988Z",
    "dateUpdated": "2026-07-02T16:11:28.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44948 (GCVE-0-2026-44948)

Vulnerability from cvelistv5 – Published: 2026-06-30 15:12 – Updated: 2026-06-30 16:00
VLAI?
Title
Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler
Summary
A path traversal vulnerability was found in Fleet's ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service.
CWE
  • CWE-23 - Relative path traversal
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 0.12.0 , < 0.12.16 (semver)
Affected: 0.13.0 , < 0.13.12 (semver)
Affected: 0.14.0 , < 0.14.7 (semver)
Affected: 0.15.0 , < 0.15.3 (semver)
Create a notification for this product.
Credits
Sergey Kanibor
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44948",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T15:59:49.142430Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T16:00:33.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Fleet",
          "product": "Rancher",
          "repo": "https://github.com/rancher/fleet/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.12.16",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.13.12",
              "status": "affected",
              "version": "0.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.14.7",
              "status": "affected",
              "version": "0.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.15.3",
              "status": "affected",
              "version": "0.15.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sergey Kanibor"
        }
      ],
      "datePublic": "2026-06-29T15:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
            }
          ],
          "value": "A path traversal vulnerability was found in Fleet\u0027s ImageScan subsystem in Rancher Fleet 0.12.0 up to 0.12.16, 0.13.0 up to 0.13.12, 0.14.0 up to 0.14.7 and 0.15.0 up to 0.15.3 could be used to traverse outside of the intended directory, causing a denial of service."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative path traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T15:12:17.346Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/fleet/security/advisories/GHSA-c45g-6c2c-rj3p"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Path Traversal in Rancher Fleet ImageScan GitRepo Path Handler",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44948",
    "datePublished": "2026-06-30T15:12:17.346Z",
    "dateReserved": "2026-05-08T12:29:48.969Z",
    "dateUpdated": "2026-06-30T16:00:33.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44949 (GCVE-0-2026-44949)

Vulnerability from cvelistv5 – Published: 2026-06-30 14:41 – Updated: 2026-06-30 15:10
VLAI?
Title
Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook
Summary
A Rancher FleetWorkspace admission path allowed side effects to occur in the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to the in-cluster rancher-webhook service could submit a crafted admission payload and cause workspace-related Kubernetes objects to be created with attacker-chosen identity data.
CWE
  • CWE-306 - Missing authentication for critical function
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 0.7.0 , < 0.7.10 (semver)
Affected: 0.8.0 , < 0.8.7 (semver)
Affected: 0.9.0 , < 0.9.6 (semver)
Affected: 0.10.0 , < 0.10.7 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T15:10:07.132296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T15:10:17.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Webhook",
          "product": "Rancher",
          "repo": "https://github.com/rancher/webhook/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.7.10",
              "status": "affected",
              "version": "0.7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.8.7",
              "status": "affected",
              "version": "0.8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.9.6",
              "status": "affected",
              "version": "0.9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.10.7",
              "status": "affected",
              "version": "0.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-06-29T14:27:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster \u003ccode\u003erancher-webhook\u003c/code\u003e service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
            }
          ],
          "value": "A Rancher FleetWorkspace admission path allowed side effects to occur in\n the Rancher webhook handler for versions 0.7.0 up to 0.7.10, 0.8.0 up to 0.8.7, 0.9.0 up to 0.9.6 and 0.10.0 up to 0.10.7. An unauthenticated attacker with network access to\n the in-cluster rancher-webhook service\n could submit a crafted admission payload and cause workspace-related \nKubernetes objects to be created with attacker-chosen identity data."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T14:41:34.007Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/webhook/security/advisories/GHSA-h83p-cq95-vph4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated namespace creation and RBAC injection via rancher-webhook FleetWorkspace mutating webhook",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44949",
    "datePublished": "2026-06-30T14:41:34.007Z",
    "dateReserved": "2026-05-08T12:29:48.969Z",
    "dateUpdated": "2026-06-30T15:10:17.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44947 (GCVE-0-2026-44947)

Vulnerability from cvelistv5 – Published: 2026-06-30 14:21 – Updated: 2026-06-30 15:03
VLAI?
Title
Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher
Summary
A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.
CWE
  • CWE-281 - Improper preservation of permissions
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 2.13.0 , < 2.13.7 (semver)
Affected: 2.14.0 , < 2.14.3 (semver)
Create a notification for this product.
Credits
Isaac David
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T15:03:37.236401Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T15:03:44.276Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Rancher",
          "product": "Rancher",
          "repo": "https://github.com/rancher/rancher/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.13.7",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.3",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Isaac David"
        }
      ],
      "datePublic": "2026-06-29T14:20:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
            }
          ],
          "value": "A missing clean-up in the legacy Project Role Template Binding (PRTB) \nreconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security \nAdmission (PSA) permissions after an administrator removes those \npermissions from a RoleTemplate."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281 Improper preservation of permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T14:21:01.291Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c4rp-wgqc-mfhc"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44947",
    "datePublished": "2026-06-30T14:21:01.291Z",
    "dateReserved": "2026-05-08T12:29:48.969Z",
    "dateUpdated": "2026-06-30T15:03:44.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44946 (GCVE-0-2026-44946)

Vulnerability from cvelistv5 – Published: 2026-06-30 12:14 – Updated: 2026-07-01 03:55
VLAI?
Title
SAML Authentication Replay in Rancher
Summary
A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,
CWE
  • CWE-294 - Authentication bypass by capture-replay
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 2.14.0 , < 2.14.3 (semver)
Affected: 2.13.0 , < 2.13.7 (semver)
Affected: 2.12.0 , < 2.12.11 (semver)
Affected: 2.11.0 , < 2.11.15 (semver)
Create a notification for this product.
Credits
Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T03:55:46.881Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Rancher",
          "product": "Rancher",
          "repo": "https://github.com/rancher/rancher/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.14.3",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.7",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.11",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.11.15",
              "status": "affected",
              "version": "2.11.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Corban Villa corban.villa@berkeley.edu of a U.C. Berkeley security research project by: Austin Chu, Sohee Kim, and Corban Villa"
        }
      ],
      "datePublic": "2026-06-29T12:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,\u0026nbsp; \u0026nbsp;"
            }
          ],
          "value": "A SAML authentication replay vulnerability in Rancher\u0027s Assertion\n Consumer Service (ACS) handler did not enforce \none-time use of SAML assertion, potentially allowing person in the middle attacks against Rancher, affecting Rancher 2.14.0 before 2.14.3,"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294 Authentication bypass by capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T12:14:54.269Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-c5jm-xcmq-9j95"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SAML Authentication Replay in Rancher",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44946",
    "datePublished": "2026-06-30T12:14:54.269Z",
    "dateReserved": "2026-05-08T12:29:48.969Z",
    "dateUpdated": "2026-07-01T03:55:46.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41053 (GCVE-0-2026-41053)

Vulnerability from cvelistv5 – Published: 2026-06-30 11:38 – Updated: 2026-07-01 03:55
VLAI?
Title
Over-inclusive team membership expansion in GitHub App authentication provider for Rancher
Summary
Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.
CWE
  • CWE-303 - Incorrect implementation of authentication algorithm
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 2.14.0 , < 2.14.2 (semver)
Affected: 2.13.0 , < 2.13.6 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41053",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-30T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T03:55:47.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "github auth provider"
          ],
          "packageName": "Rancher",
          "product": "Rancher",
          "repo": "https://github.com/rancher/rancher/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.14.2",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-05-28T11:31:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
            }
          ],
          "value": "Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect implementation of authentication algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T11:38:25.060Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-4j6x-2764-m8gh"
        }
      ],
      "source": {
        "defect": [
          "secsys_codex@163.com"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Over-inclusive team membership expansion in GitHub App authentication provider for Rancher",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41053",
    "datePublished": "2026-06-30T11:38:25.060Z",
    "dateReserved": "2026-04-16T13:37:50.680Z",
    "dateUpdated": "2026-07-01T03:55:47.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41052 (GCVE-0-2026-41052)

Vulnerability from cvelistv5 – Published: 2026-06-29 15:41 – Updated: 2026-06-30 03:55
VLAI?
Title
Rancher Privilege Escalation from Project Owner to Host
Summary
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
CWE
  • CWE-305 - Authentication bypass by primary weakness
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 2.12.0 , < 2.12.10 (semver)
Affected: 2.13.0 , < 2.13.6 (semver)
Affected: 2.14.0 , < 2.14.2 (semver)
Create a notification for this product.
Credits
Radtke Benedikt <Radtke@iabg.de> - github.com/Trolldemorted and Munier Marc <Munier@iabg.de> - github.com/mmunier
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:55:34.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Rancher",
          "product": "Rancher",
          "repo": "https://github.com/rancher/rancher/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.12.10",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.2",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Radtke Benedikt \u003cRadtke@iabg.de\u003e - github.com/Trolldemorted and Munier Marc \u003cMunier@iabg.de\u003e - github.com/mmunier"
        }
      ],
      "datePublic": "2026-05-28T11:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper privilege handling could be used by users with\u0026nbsp;Project Owner role to escalate privileges, in Rancher versions\u0026nbsp;2.14 before 2.14.2,\u0026nbsp;2.13 before 2.13.6, and\u0026nbsp;2.12 before 2.12.10."
            }
          ],
          "value": "Improper privilege handling could be used by users with\u00a0Project Owner role to escalate privileges, in Rancher versions\u00a02.14 before 2.14.2,\u00a02.13 before 2.13.6, and\u00a02.12 before 2.12.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication bypass by primary weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T15:41:56.394Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rancher Privilege Escalation from Project Owner to Host",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41052",
    "datePublished": "2026-06-29T15:41:56.394Z",
    "dateReserved": "2026-04-16T13:37:50.680Z",
    "dateUpdated": "2026-06-30T03:55:34.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25707 (GCVE-0-2026-25707)

Vulnerability from cvelistv5 – Published: 2026-06-29 10:04 – Updated: 2026-06-30 03:55
VLAI?
Title
Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp
Summary
A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation.
CWE
  • CWE-23 - Relative path traversal
Assigner
Impacted products
Vendor Product Version
SUSE libzypp Affected: 0 , < 17.38.10 (rpm)
Create a notification for this product.
Credits
Michael Andres of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:55:33.471Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "libzypp",
          "product": "libzypp",
          "repo": "https://github.com/openSUSE/libzypp",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "17.38.10",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Andres of SUSE"
        }
      ],
      "datePublic": "2026-05-28T09:56:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."
            }
          ],
          "value": "A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative path traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T10:04:59.223Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1259802"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openSUSE/libzypp/commit/f09feda7fca03c941218aab0bb161cc82b185b6b"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-25707",
    "datePublished": "2026-06-29T10:04:59.223Z",
    "dateReserved": "2026-02-05T15:37:24.184Z",
    "dateUpdated": "2026-06-30T03:55:33.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41049 (GCVE-0-2026-41049)

Vulnerability from cvelistv5 – Published: 2026-06-22 15:32 – Updated: 2026-06-22 16:25
VLAI?
Title
Caching of Authentication allows Authentication Bypass between users in qSnapper
Summary
Incorrect caching of authentication between different users of the  qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
CWE
  • CWE-303 - Incorrect implementation of authentication algorithm
Assigner
Impacted products
Vendor Product Version
presire qSnapper Affected: 1.2.1 , < 1.3.3 (semver)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41049",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:25:21.586546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:25:30.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "qsnapper",
          "product": "qSnapper",
          "repo": "https://github.com/presire/qSnapper",
          "vendor": "presire",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "1.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-05-26T15:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect caching of authentication between different users of the\u0026nbsp; qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."
            }
          ],
          "value": "Incorrect caching of authentication between different users of the\u00a0 qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect implementation of authentication algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T15:32:59.192Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1262218"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Caching of Authentication allows Authentication Bypass between users in qSnapper",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41049",
    "datePublished": "2026-06-22T15:32:59.192Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-06-22T16:25:30.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41048 (GCVE-0-2026-41048)

Vulnerability from cvelistv5 – Published: 2026-06-22 15:31 – Updated: 2026-06-22 16:24
VLAI?
Title
Caching of Authentication allows Authentication Bypass in qSnapper
Summary
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".
CWE
  • CWE-303 - Incorrect implementation of authentication algorithm
Assigner
Impacted products
Vendor Product Version
presire qSnapper Affected: 1.2.1 , < 1.3.3 (semver)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:24:42.461147Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:24:59.414Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "qsnapper",
          "product": "qSnapper",
          "repo": "https://github.com/presire/qSnapper",
          "vendor": "presire",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "1.2.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-05-26T15:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."
            }
          ],
          "value": "Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like \"restore from snapshot\" even if only allowed to do \"delete snapshot\"."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-303",
              "description": "CWE-303 Incorrect implementation of authentication algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T15:31:14.606Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1262218"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Caching of Authentication allows Authentication Bypass in qSnapper",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41048",
    "datePublished": "2026-06-22T15:31:14.606Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-06-22T16:24:59.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41047 (GCVE-0-2026-41047)

Vulnerability from cvelistv5 – Published: 2026-06-22 15:25 – Updated: 2026-06-22 16:24
VLAI?
Title
Information leak via “diff” methods in qSnapper
Summary
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
CWE
  • CWE-306 - Missing authentication for critical function
Assigner
Impacted products
Vendor Product Version
presire qSnapper Affected: 0 , < 1.3.3 (semver)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:24:13.803772Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:24:23.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "qsnapper",
          "product": "qSnapper",
          "repo": "https://github.com/presire/qSnapper",
          "vendor": "presire",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-05-26T15:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."
            }
          ],
          "value": "Lack of authentication when using the \"snapshot diff\" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-54",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-54 Query System for Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing authentication for critical function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T15:25:12.478Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-info-leak"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261890"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Information leak via \u201cdiff\u201d methods in qSnapper",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41047",
    "datePublished": "2026-06-22T15:25:12.478Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-06-22T16:24:23.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41046 (GCVE-0-2026-41046)

Vulnerability from cvelistv5 – Published: 2026-06-22 15:20 – Updated: 2026-06-22 16:23
VLAI?
Title
path traversal via `config` parameter in qSnapper
Summary
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.
CWE
  • CWE-23 - Relative path traversal
Assigner
Impacted products
Vendor Product Version
presire qSnapper Affected: 0 , < 1.3.3 (semver)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41046",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:23:42.492038Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:23:53.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "qsnapper",
          "product": "qSnapper",
          "repo": "https://github.com/presire/qSnapper",
          "vendor": "presire",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-05-26T15:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root."
            }
          ],
          "value": "A path traversal attack when using a \"configName\" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-17",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-17 Using Malicious Files"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative path traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T15:20:30.872Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-path-traversal"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261889"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "path traversal via `config` parameter in qSnapper",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41046",
    "datePublished": "2026-06-22T15:20:30.872Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-06-22T16:23:53.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41045 (GCVE-0-2026-41045)

Vulnerability from cvelistv5 – Published: 2026-06-22 15:16 – Updated: 2026-06-22 16:23
VLAI?
Title
Weak polkit authentication check in qSnapper
Summary
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user.
CWE
  • CWE-367 - Time-of-check time-of-use (TOCTOU) race condition
Assigner
Impacted products
Vendor Product Version
presire qSnapper Affected: 0 , < 1.3.3 (semver)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41045",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T16:23:09.435199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T16:23:19.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "qsnapper",
          "product": "qSnapper",
          "repo": "https://github.com/presire/qSnapper",
          "vendor": "presire",
          "versions": [
            {
              "lessThan": "1.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-05-26T15:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."
            }
          ],
          "value": "A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367 Time-of-check time-of-use (TOCTOU) race condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T15:16:37.631Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-polkit-bypass"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/presire/qSnapper/releases/tag/v1.3.3"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1261795"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Weak polkit authentication check in qSnapper",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41045",
    "datePublished": "2026-06-22T15:16:37.631Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-06-22T16:23:19.149Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44939 (GCVE-0-2026-44939)

Vulnerability from cvelistv5 – Published: 2026-06-19 12:13 – Updated: 2026-06-24 03:56
VLAI?
Title
Command injection through unsanitized YAML parameter in Rancher
Summary
A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers.
CWE
  • CWE-95 - Improper neutralization of directives in dynamically evaluated code ('eval injection')
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 2.14.0 , < 2.14.2 (semver)
Affected: 2.13.0 , < 2.13.6 (semver)
Affected: 2.12.0 , < 2.12.10 (semver)
Affected: 2.11.0 , < 2.11.14 (semver)
Affected: 2.10.0 , < 2.10.12 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44939",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-24T03:56:15.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Rancher",
          "product": "Rancher",
          "repo": "https://github.com/rancher/rancher/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.14.2",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.10",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.11.14",
              "status": "affected",
              "version": "2.11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.10.12",
              "status": "affected",
              "version": "2.10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-05-27T16:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  \u003ccode\u003e/v3/import/{token}_{clusterId}.yaml\u003c/code\u003e through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
            }
          ],
          "value": "A command injection vulnerability in the Rancher Manager cluster before 2.14.2 import endpoint  /v3/import/{token}_{clusterId}.yaml through unsanitized YAML parameters could allow remote attackers to break out of an image, and execute e.g. malicious containers."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T12:13:39.936Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-mhc6-2gfq-xx62"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Command injection through unsanitized YAML parameter in Rancher",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44939",
    "datePublished": "2026-06-19T12:13:39.936Z",
    "dateReserved": "2026-05-08T12:29:48.967Z",
    "dateUpdated": "2026-06-24T03:56:15.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44942 (GCVE-0-2026-44942)

Vulnerability from cvelistv5 – Published: 2026-06-18 09:57 – Updated: 2026-06-18 12:09
VLAI?
Title
libzypp .repo files can have an optional path which can lead to path traversal attacks
Summary
A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content.
CWE
  • CWE-24 - Path traversal: '../filedir'
Assigner
Impacted products
Vendor Product Version
SUSE libzypp Affected: 17.0.0 , < 17.38.13 (semver)
Affected: 0 , < 16.22.19 (semver)
Create a notification for this product.
Credits
Michael Andres
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T12:05:47.827082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T12:09:37.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "repo parsing"
          ],
          "packageName": "libzypp",
          "product": "libzypp",
          "repo": "https://github.com/opensuse/libzypp",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "17.38.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.22.19",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Michael Andres"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
            }
          ],
          "value": "A path traversal in handling the \"path\" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24 Path traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T09:57:12.821Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1267874"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.suse.com/security/cve/CVE-2026-44942.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "libzypp .repo files can have an optional path which can lead to path traversal attacks",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44942",
    "datePublished": "2026-06-18T09:57:12.821Z",
    "dateReserved": "2026-05-08T12:29:48.968Z",
    "dateUpdated": "2026-06-18T12:09:37.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-71261 (GCVE-0-2025-71261)

Vulnerability from cvelistv5 – Published: 2026-06-16 15:42 – Updated: 2026-06-16 17:52
VLAI?
Title
Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS
Summary
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
CWE
Assigner
References
Impacted products
Vendor Product Version
SUSE Harvester Affected: 0 , < 1.8 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-71261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-16T17:52:23.783748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-16T17:52:30.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "SUSE Virtualization (Harvester) Rancher integration mechanism"
          ],
          "packageName": "Harvester",
          "product": "Harvester",
          "repo": "https://github.com/harvester/harvester/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-06-16T15:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control."
            }
          ],
          "value": "An attacker with network-level access between the SUSE Virtualization \nand Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it \nto bypass TLS as a security control."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-94",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-94 Adversary in the Middle (AiTM)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T15:42:32.446Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/harvester/harvester/security/advisories/GHSA-pgh9-mpwc-8jjf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Harvester\u0027s SUSE Virtualization Registration Client Vulnerable to MITM and DOS",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2025-71261",
    "datePublished": "2026-06-16T15:42:32.446Z",
    "dateReserved": "2026-03-03T12:54:04.008Z",
    "dateUpdated": "2026-06-16T17:52:30.747Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44932 (GCVE-0-2026-44932)

Vulnerability from cvelistv5 – Published: 2026-06-16 15:26 – Updated: 2026-06-18 03:55
VLAI?
Title
indirect remote shell command injection via unsanitized DHCP options in wicked
Summary
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
CWE
Assigner
Impacted products
Vendor Product Version
SUSE wicked Affected: 0 , < 0.6.79 (semver)
Create a notification for this product.
Credits
Wolfgang Frisch using Claude Opus
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T03:55:34.354Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/openSUSE/wicked",
          "defaultStatus": "unaffected",
          "modules": [
            "dhcp handling"
          ],
          "packageName": "wicked",
          "product": "wicked",
          "repo": "https://github.com/openSUSE/wicked",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.6.79",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wolfgang Frisch using Claude Opus"
        }
      ],
      "datePublic": "2026-06-10T15:15:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003ePassing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.\u003c/div\u003e"
            }
          ],
          "value": "Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-16T15:26:51.919Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1265221"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://github.com/openSUSE/wicked/releases/tag/version-0.6.79"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026688.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026689.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026690.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026691.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "indirect remote shell command injection via unsanitized DHCP options in wicked",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44932",
    "datePublished": "2026-06-16T15:26:51.919Z",
    "dateReserved": "2026-05-08T12:29:48.966Z",
    "dateUpdated": "2026-06-18T03:55:34.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41054 (GCVE-0-2026-41054)

Vulnerability from cvelistv5 – Published: 2026-05-20 08:56 – Updated: 2026-06-05 11:06
VLAI?
Title
Missing exit out of permission check in haveged could lead to root exploit
Summary
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
SUSE Container suse/sle-micro-rancher/5.3:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Container suse/sle-micro-rancher/5.3:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Container suse/sle-micro-rancher/5.4:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Container suse/sle-micro-rancher/5.4:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Container suse/sle-micro/5.5:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Container suse/sle-micro/5.5:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE Image SLES15-SP4-SAP-Hardened-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Desktop 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Desktop 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Desktop 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Micro 5.5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP6-LTSS Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP6-LTSS Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server 15 SP6-LTSS Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Proxy LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Proxy LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Proxy LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Retail Branch Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Retail Branch Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Retail Branch Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
    SUSE SUSE Manager Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
Credits
Dirk Mueller of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-05T11:06:34.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/20/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/21/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/22/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:33.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Container suse/sle-micro-rancher/5.3:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Container suse/sle-micro-rancher/5.3:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Container suse/sle-micro-rancher/5.4:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Container suse/sle-micro-rancher/5.4:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Container suse/sle-micro/5.5:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Container suse/sle-micro/5.5:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Desktop 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Desktop 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Desktop 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Micro 5.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Micro 5.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Micro 5.4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Micro 5.4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Micro 5.5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Micro 5.5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Manager Proxy LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Manager Proxy LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Manager Proxy LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Manager Retail Branch Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Manager Retail Branch Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Manager Retail Branch Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Manager Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Manager Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Manager Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dirk Mueller of SUSE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cpre\u003eIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.\u003c/pre\u003e\u003c/div\u003e"
            }
          ],
          "value": "In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T08:56:14.466Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Missing exit out of permission check in haveged could lead to root exploit",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41054",
    "datePublished": "2026-05-20T08:56:14.466Z",
    "dateReserved": "2026-04-16T13:37:50.680Z",
    "dateUpdated": "2026-06-05T11:06:34.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44933 (GCVE-0-2026-44933)

Vulnerability from cvelistv5 – Published: 2026-05-20 08:51 – Updated: 2026-05-21 03:55
VLAI?
Title
Path Traversal in Plugin Loading in libzypp
Summary
`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.
CWE
  • CWE-35 - Path traversal: '.../...//'
Assigner
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise Affected: 17.38.8 , < 17.38.9 (semver)
Create a notification for this product.
    SUSE openSUSE Affected: 17.38.8 , < 17.38.9 (semver)
Create a notification for this product.
Credits
Dirk Mueller of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:32.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "libzypp",
          "product": "SUSE Linux Enterprise",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "17.38.9",
              "status": "affected",
              "version": "17.38.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libzypp",
          "product": "openSUSE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "17.38.9",
              "status": "affected",
              "version": "17.38.8",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dirk Mueller of SUSE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003e`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges.\u003c/pre\u003e"
            }
          ],
          "value": "`PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like `/bin/bash`) with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path traversal: \u0027.../...//\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T08:51:12.770Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44933"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Path Traversal in Plugin Loading in libzypp",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44933",
    "datePublished": "2026-05-20T08:51:12.770Z",
    "dateReserved": "2026-05-08T12:29:48.966Z",
    "dateUpdated": "2026-05-21T03:55:32.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25710 (GCVE-0-2026-25710)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:44 – Updated: 2026-05-13 10:48
VLAI?
Summary
The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown() arbitrary files in the system.
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
Impacted products
Vendor Product Version
KDE plasma-login-manager Affected: 0 , < ? (custom)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-13T09:04:49.938Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/27/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T10:42:19.802396Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T10:48:34.575Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "plasma-login-manager",
          "product": "plasma-login-manager",
          "vendor": "KDE",
          "versions": [
            {
              "lessThan": "?",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The new upstream added a \u003ca href=\"https://invent.kde.org/plasma/plasma-login-manager/-/blob/v6.6.2/src/frontend/kcm/auth/plasmaloginauthhelper.cpp?ref_type=tags\"\u003eprivileged D-Bus\nhelper\u003c/a\u003e called \u003ccode\u003eplasmaloginauthhelper\u003c/code\u003e, which suffers from multiple issues, e.g.aA compromised \u003ccode\u003eplasmalogin\u003c/code\u003e service account can \u003ccode\u003echown()\u003c/code\u003e\u0026nbsp;arbitrary files in the system."
            }
          ],
          "value": "The new upstream added a privileged D-Bus\nhelper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown()\u00a0arbitrary files in the system."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250: Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:44:00.951Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://security.opensuse.org/2026/04/27/plasma-login-manager.html#6-upstream-bugfix"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25710"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-25710",
    "datePublished": "2026-05-13T08:44:00.951Z",
    "dateReserved": "2026-02-05T15:37:24.184Z",
    "dateUpdated": "2026-05-13T10:48:34.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41051 (GCVE-0-2026-41051)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:37 – Updated: 2026-05-13 19:24
VLAI?
Title
csync2 uses insecure temporary directories when compiled with C99 or later
Summary
csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.
CWE
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
Impacted products
Vendor Product Version
SUSE openSUSE Tumbleweed Affected: ? , < 2.0+git.1600444747.83b3644-3.1 (custom)
Create a notification for this product.
Credits
Wolfgang Frisch of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41051",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T19:23:57.417815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-367",
                "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T19:24:11.916Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "csync2",
          "product": "openSUSE Tumbleweed",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.0+git.1600444747.83b3644-3.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Wolfgang Frisch of SUSE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories."
            }
          ],
          "value": "csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:38:08.507Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41051"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "csync2 uses insecure temporary directories when compiled with C99 or later",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41051",
    "datePublished": "2026-05-13T08:37:38.405Z",
    "dateReserved": "2026-04-16T13:37:50.680Z",
    "dateUpdated": "2026-05-13T19:24:11.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-44931 (GCVE-0-2026-44931)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:30 – Updated: 2026-05-13 10:48
VLAI?
Title
malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API
Summary
The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
Impacted products
Vendor Product Version
gnome malcontent Affected: 0.14 , < unknown (custom)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-13T09:05:10.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/11/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T10:42:49.658094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T10:48:50.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "malcontent",
          "product": "malcontent",
          "vendor": "gnome",
          "versions": [
            {
              "lessThan": "unknown",
              "status": "affected",
              "version": "0.14",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The newly introduced \u003ca href=\"https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c?ref_type=tags#L892\"\u003e\u003ccode\u003eRecordUsage\u003c/code\u003e D-Bus method\u003c/a\u003e in\n\u003ccode\u003emalcontent-timerd\u003c/code\u003e\u0026nbsp;allows arbitrary users in the system to slowly fill up disk space\nin \u003ccode\u003e/var/lib/malcontent-timerd\u003c/code\u003e"
            }
          ],
          "value": "The newly introduced  RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c  in\nmalcontent-timerd\u00a0allows arbitrary users in the system to slowly fill up disk space\nin /var/lib/malcontent-timerd"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:30:24.340Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://security.opensuse.org/2026/05/11/malcontent-disk-space-dos.html"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-44931"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-44931",
    "datePublished": "2026-05-13T08:30:24.340Z",
    "dateReserved": "2026-05-08T12:29:48.966Z",
    "dateUpdated": "2026-05-13T10:48:50.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41050 (GCVE-0-2026-41050)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:04 – Updated: 2026-05-14 03:55
VLAI?
Title
Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
Summary
Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
SUSE Rancher Affected: 0.15.0 , < 0.15.1 (semver)
Affected: 0.14.0 , < 0.14.5 (semver)
Affected: 0.13.0 , < 0.13.10 (semver)
Affected: 0.12.0 , < 0.12.14 (semver)
Affected: 0.11.0 , < 0.11.13 (semver)
Create a notification for this product.
Credits
https://github.com/kodareef5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:55:58.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/fleet",
          "product": "Rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "0.15.1",
              "status": "affected",
              "version": "0.15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.14.5",
              "status": "affected",
              "version": "0.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.13.10",
              "status": "affected",
              "version": "0.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.12.14",
              "status": "affected",
              "version": "0.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "0.11.13",
              "status": "affected",
              "version": "0.11.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/kodareef5"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
            }
          ],
          "value": "Fleet\u0027s Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:05:26.978Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41050"
        },
        {
          "url": "https://github.com/advisories/GHSA-765j-qfrp-hm3j"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41050",
    "datePublished": "2026-05-13T08:04:57.293Z",
    "dateReserved": "2026-04-16T13:37:50.679Z",
    "dateUpdated": "2026-05-14T03:55:58.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25705 (GCVE-0-2026-25705)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:00 – Updated: 2026-05-14 03:55
VLAI?
Title
Rancher Extensions have arbitrary file access via path traversal
Summary
A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to: * Overwrite Rancher binaries or configuration to inject code. * Write to /var/lib/rancher/ to tamper with cluster state. * If hostPath volumes are mounted, write to the host node filesystem. * Use this issue to chain with other attack vectors.
CWE
  • CWE-35 - Path traversal: '.../...//'
Assigner
Impacted products
Vendor Product Version
SUSE rancher Affected: 2.14.0 , < 2.14.1 (semver)
Affected: 2.13.0 , < 2.13.5 (semver)
Affected: 2.12.0 , < 2.12.9 (semver)
Affected: 2.10.11 , < 2.11.13 (semver)
Create a notification for this product.
Credits
https://github.com/KoreaSecurity
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T03:55:59.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/rancher",
          "product": "rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.14.1",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.5",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.12.9",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.11.13",
              "status": "affected",
              "version": "2.10.11",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/KoreaSecurity"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:\u003cdiv\u003e\u003cul\u003e\u003cli\u003eOverwrite Rancher binaries or configuration to inject code.\u003c/li\u003e\n\u003cli\u003eWrite to \u003ccode\u003e/var/lib/rancher/\u003c/code\u003e to tamper with cluster state.\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003ehostPath\u003c/code\u003e volumes are mounted, write to the host node filesystem.\u003c/li\u003e\n\u003cli\u003eUse this issue to chain with other attack vectors.\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "A vulnerability has been identified in [Rancher\u0027s Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where malicious code can be injected in Rancher through a path traversal in the `compressedEndpoint` field inside a `UIPlugin` deployment. A malicious UI extension could abuse that to:  *  Overwrite Rancher binaries or configuration to inject code.\n\n  *  Write to /var/lib/rancher/ to tamper with cluster state.\n\n  *  If hostPath volumes are mounted, write to the host node filesystem.\n\n  *  Use this issue to chain with other attack vectors."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path traversal: \u0027.../...//\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:01:27.283Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25705"
        },
        {
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-5v3h-x4wf-5c35"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rancher Extensions have arbitrary file access via path traversal",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-25705",
    "datePublished": "2026-05-13T08:00:46.097Z",
    "dateReserved": "2026-02-05T15:37:24.184Z",
    "dateUpdated": "2026-05-14T03:55:59.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25704 (GCVE-0-2026-25704)

Vulnerability from cvelistv5 – Published: 2026-03-30 07:44 – Updated: 2026-04-16 16:32
VLAI?
Title
Incomplete privilege drop for com.system76.CosmicGreeter.GetUserData
Summary
A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in  cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.
CWE
  • CWE-271 - Privilege Dropping / Lowering Errors
  • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
Impacted products
Vendor Product Version
pop-os cosmic-greeter Affected: ? , < https://github.com/pop-os/cosmic-greeter/pull/426 (git)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T15:15:22.499459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T15:16:08.947Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-16T16:32:11.153Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/16/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "cosmic-greeter",
          "product": "cosmic-greeter",
          "vendor": "pop-os",
          "versions": [
            {
              "lessThan": "https://github.com/pop-os/cosmic-greeter/pull/426",
              "status": "affected",
              "version": "?",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-03-11T11:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eA Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in\u0026nbsp; cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426.\u003c/p\u003e"
            }
          ],
          "value": "A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in\u00a0 cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic.\n\n\n\n\nThis issue affects cosmic-greeter before https://github.Com/pop-os/cosmic-greeter/pull/426."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-271",
              "description": "CWE-271: Privilege Dropping / Lowering Errors",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T07:44:39.672Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25704"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incomplete privilege drop for com.system76.CosmicGreeter.GetUserData",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-25704",
    "datePublished": "2026-03-30T07:44:39.672Z",
    "dateReserved": "2026-02-05T15:37:24.184Z",
    "dateUpdated": "2026-04-16T16:32:11.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25702 (GCVE-0-2026-25702)

Vulnerability from cvelistv5 – Published: 2026-03-05 07:00 – Updated: 2026-03-05 15:17
VLAI?
Title
nftables disabled due to incorrect kernel backport
Summary
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Vendor Product Version
SUSE SUSE Linux Enterprise Server Affected: 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 , < 9c294edb7085fb91650bc12233495a8974c5ff2d (git)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T15:17:32.390681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-05T15:17:39.310Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "kernel",
          "product": "SUSE Linux Enterprise Server",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "9c294edb7085fb91650bc12233495a8974c5ff2d",
              "status": "affected",
              "version": "9e6d9d4601768c75fdb0bad3fbbe636e748939c2",
              "versionType": "git"
            }
          ]
        }
      ],
      "datePublic": "2026-03-02T10:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.\u003cp\u003eThis issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.\u003c/p\u003e"
            }
          ],
          "value": "A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T07:00:18.627Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "nftables disabled due to incorrect kernel backport",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-25702",
    "datePublished": "2026-03-05T07:00:18.627Z",
    "dateReserved": "2026-02-05T15:37:24.183Z",
    "dateUpdated": "2026-03-05T15:17:39.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62879 (GCVE-0-2025-62879)

Vulnerability from cvelistv5 – Published: 2026-03-04 15:08 – Updated: 2026-03-04 16:11
VLAI?
Title
Rancher Backup Operator pod's logs leak S3 tokens
Summary
A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.
CWE
  • CWE-532 - Insertion of Sensitive Information into Log File
Assigner
Impacted products
Vendor Product Version
SUSE Rancher Affected: 9.0.0 , < 9.0.1 (semver)
Affected: 8.0.0 , < 8.1.2 (semver)
Affected: 7.0.0 , < 7.0.5 (semver)
Affected: 6.0.0 , < 6.0.3 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62879",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T16:11:27.835968Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-04T16:11:33.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "github.com/rancher/backup-restore-operator",
          "product": "Rancher",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "9.0.1",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.1.2",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.0.5",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-02-03T10:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both \u003ccode\u003eaccessKey\u003c/code\u003e and \u003ccode\u003esecretKey\u003c/code\u003e) into the rancher-backup-operator pod\u0027s logs.\u003cbr\u003e"
            }
          ],
          "value": "A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod\u0027s logs."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T15:08:11.734Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62879"
        },
        {
          "url": "https://github.com/advisories/GHSA-wj3p-5h3x-c74q"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rancher Backup Operator pod\u0027s logs leak S3 tokens",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2025-62879",
    "datePublished": "2026-03-04T15:08:11.734Z",
    "dateReserved": "2025-10-24T10:34:22.765Z",
    "dateUpdated": "2026-03-04T16:11:33.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25701 (GCVE-0-2026-25701)

Vulnerability from cvelistv5 – Published: 2026-02-25 10:59 – Updated: 2026-02-25 20:50
VLAI?
Summary
An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to pre-create a directory to achieve various effects like: * gain access to possible private information found in /var/lib/pcrlock.d * manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored. *  overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak. This issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.
CWE
  • CWE-377 - Insecure Temporary File
Assigner
Impacted products
Vendor Product Version
openSUSE sdbootutil Affected: ? , < 5880246d3a02642dc68f5c8cb474bf63cdb56bca (git)
Create a notification for this product.
Credits
Matthias Gerstner of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T20:49:57.200219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T20:50:09.650Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "sdbootutil",
          "product": "sdbootutil",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThan": "5880246d3a02642dc68f5c8cb474bf63cdb56bca",
              "status": "affected",
              "version": "?",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthias Gerstner of SUSE"
        }
      ],
      "datePublic": "2026-02-18T08:18:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to\u0026nbsp;pre-create a directory to achieve various effects like:\u003cbr\u003e\u003cul\u003e\u003cli\u003egain access to possible private information found in /var/lib/pcrlock.d\u003c/li\u003e\u003cli\u003emanipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.\u003c/li\u003e\u003cli\u003e\u0026nbsp;overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca.\u003c/p\u003e"
            }
          ],
          "value": "An Insecure Temporary File vulnerability in openSUSE sdbootutil allows local users to\u00a0pre-create a directory to achieve various effects like:\n  *  gain access to possible private information found in /var/lib/pcrlock.d\n  *  manipulate the data backed up in /tmp/pcrlock.d.bak, therefore violating the integrity of the data should it be restored.\n  *  \u00a0overwrite protected system files with data from /var/lib/pcrlock.d by placing symlinks to existing files in the directory tree in /tmp/pcrlock.d.bak.\n\n\nThis issue affects sdbootutil: from ? before 5880246d3a02642dc68f5c8cb474bf63cdb56bca."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-377",
              "description": "CWE-377: Insecure Temporary File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T10:59:58.372Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1258241"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-25701",
    "datePublished": "2026-02-25T10:59:58.372Z",
    "dateReserved": "2026-02-05T15:37:24.183Z",
    "dateUpdated": "2026-02-25T20:50:09.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}