Vulnerability-Lookup

CERTFR-2026-AVI-0558

Vulnerability from certfr_avis - Published: 2026-05-11 - Updated: 2026-05-11

De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Azure Linux	azl3 kernel 6.6.137.1-2 versions antérieures à 6.6.138.1-1
Microsoft	Azure Linux	azl3 kf-kcoreaddons 5.249.0-1 versions antérieures à 5.249.0-2
Microsoft	Azure Linux	azl3 firewalld 2.0.2-3 versions antérieures à 2.0.2-4
Microsoft	Azure Linux	azl3 python-pip 24.2-6 versions antérieures à 24.2-7
Microsoft	Azure Linux	azl3 nano 6.4-2 versions antérieures à 6.4-3
Microsoft	Azure Linux	azl3 frr 10.5.0-3 versions antérieures à 10.5.4-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-43400	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-4948	2026-05-02	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71293	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43284	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43300	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-37457	2026-05-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71290	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43243	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71294	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-6843	2026-05-03	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43165	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43237	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43201	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43306	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43321	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71299	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43267	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43274	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43320	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-3219	2026-04-23	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43195	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43228	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43191	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-41526	2026-05-01	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43292	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43305	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43398	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43474	2026-05-09	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-6842	2026-05-03	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-43176	2026-05-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-71302	2026-05-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 kernel 6.6.137.1-2 versions ant\u00e9rieures \u00e0 6.6.138.1-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kf-kcoreaddons 5.249.0-1 versions ant\u00e9rieures \u00e0 5.249.0-2",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 firewalld 2.0.2-3 versions ant\u00e9rieures \u00e0 2.0.2-4",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python-pip 24.2-6 versions ant\u00e9rieures \u00e0 24.2-7",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nano 6.4-2 versions ant\u00e9rieures \u00e0 6.4-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 frr 10.5.0-3 versions ant\u00e9rieures \u00e0 10.5.4-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-43305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43305"
    },
    {
      "name": "CVE-2026-43292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43292"
    },
    {
      "name": "CVE-2026-43274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43274"
    },
    {
      "name": "CVE-2025-71290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71290"
    },
    {
      "name": "CVE-2026-43306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43306"
    },
    {
      "name": "CVE-2026-43284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43284"
    },
    {
      "name": "CVE-2026-43201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43201"
    },
    {
      "name": "CVE-2026-6843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6843"
    },
    {
      "name": "CVE-2026-43243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43243"
    },
    {
      "name": "CVE-2025-71294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71294"
    },
    {
      "name": "CVE-2026-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3219"
    },
    {
      "name": "CVE-2026-6842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6842"
    },
    {
      "name": "CVE-2026-41526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41526"
    },
    {
      "name": "CVE-2026-43400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43400"
    },
    {
      "name": "CVE-2026-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43398"
    },
    {
      "name": "CVE-2026-43228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43228"
    },
    {
      "name": "CVE-2026-4948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4948"
    },
    {
      "name": "CVE-2026-43300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43300"
    },
    {
      "name": "CVE-2026-43191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43191"
    },
    {
      "name": "CVE-2026-43176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43176"
    },
    {
      "name": "CVE-2026-43237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43237"
    },
    {
      "name": "CVE-2026-43474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43474"
    },
    {
      "name": "CVE-2026-43195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43195"
    },
    {
      "name": "CVE-2025-71302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71302"
    },
    {
      "name": "CVE-2025-71293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71293"
    },
    {
      "name": "CVE-2026-43267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43267"
    },
    {
      "name": "CVE-2026-43165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43165"
    },
    {
      "name": "CVE-2026-43321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43321"
    },
    {
      "name": "CVE-2026-43320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-43320"
    },
    {
      "name": "CVE-2025-71299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71299"
    },
    {
      "name": "CVE-2026-37457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-37457"
    }
  ],
  "initial_release_date": "2026-05-11T00:00:00",
  "last_revision_date": "2026-05-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0558",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
  "vendor_advisories": [
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43400",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43400"
    },
    {
      "published_at": "2026-05-02",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-4948",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-4948"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71293",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71293"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43284",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43284"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43300",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43300"
    },
    {
      "published_at": "2026-05-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-37457",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-37457"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71290",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71290"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43243",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43243"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71294",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71294"
    },
    {
      "published_at": "2026-05-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6843",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6843"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43165",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43165"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43237",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43237"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43201",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43201"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43306",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43306"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43321",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43321"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71299",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71299"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43267"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43274",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43274"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43320",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43320"
    },
    {
      "published_at": "2026-04-23",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-3219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-3219"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43195",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43195"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43228",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43228"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43191",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43191"
    },
    {
      "published_at": "2026-05-01",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-41526",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41526"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43292",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43292"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43305",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43305"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43398",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43398"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43474",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43474"
    },
    {
      "published_at": "2026-05-03",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-6842",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6842"
    },
    {
      "published_at": "2026-05-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-43176",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-43176"
    },
    {
      "published_at": "2026-05-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71302",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71302"
    }
  ]
}

CVE-2026-41526 (GCVE-0-2026-41526)

Vulnerability from cvelistv5 – Published: 2026-04-28 00:00 – Updated: 2026-04-28 13:07

Summary

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L

CWE

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

Assigner

mitre

References

URL

Tags

	https://invent.kde.org/frameworks/kcoreaddons/
	https://github.com/KDE/kcoreaddons/blob/50d360736…
	https://github.com/KDE/kcoreaddons/blob/50d360736…
	https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0
	https://kde.org/info/security/advisory-20260427-1.txt

Impacted products

	Vendor	Product	Version
	KDE	KCoreAddons	Affected: 0 , < 6.25 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T13:00:44.980535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T13:07:56.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "KCoreAddons",
          "vendor": "KDE",
          "versions": [
            {
              "lessThan": "6.25",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \\x01 can be used during injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-150",
              "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T06:52:22.174Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://invent.kde.org/frameworks/kcoreaddons/"
        },
        {
          "url": "https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L43-L49"
        },
        {
          "url": "https://github.com/KDE/kcoreaddons/blob/50d360736c399502fedf203e95482b0d0e5a3ea2/src/lib/util/kshell.h#L168"
        },
        {
          "url": "https://github.com/KDE/kcoreaddons/releases/tag/v6.25.0"
        },
        {
          "url": "https://kde.org/info/security/advisory-20260427-1.txt"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-41526",
    "datePublished": "2026-04-28T00:00:00.000Z",
    "dateReserved": "2026-04-20T00:00:00.000Z",
    "dateUpdated": "2026-04-28T13:07:56.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3219 (GCVE-0-2026-3219)

Vulnerability from cvelistv5 – Published: 2026-04-20 14:55 – Updated: 2026-04-20 20:15

Title

pip doesn't reject concatenated ZIP and tar archives

Summary

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.

Severity ?

4.6 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Assigner

PSF

References

URL

Tags

	https://github.com/pypa/pip/pull/13870	patch
	https://mail.python.org/archives/list/security-an…	vendor-advisory

Impacted products

	Vendor	Product	Version
	Python Packaging Authority	pip	Affected: 0 , < 26.1 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3219",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T16:03:20.592162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T16:15:12.102Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-20T20:15:23.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/20/8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org/project/pip",
          "defaultStatus": "unaffected",
          "packageName": "pip",
          "product": "pip",
          "repo": "https://github.com/pypa/pip",
          "vendor": "Python Packaging Authority",
          "versions": [
            {
              "lessThan": "26.1",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both."
            }
          ],
          "value": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-20T15:02:54.673Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/pypa/pip/pull/13870"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "pip doesn\u0027t reject concatenated ZIP and tar archives",
      "x_generator": {
        "engine": "Vulnogram 0.6.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2026-3219",
    "datePublished": "2026-04-20T14:55:38.282Z",
    "dateReserved": "2026-02-25T17:50:26.456Z",
    "dateUpdated": "2026-04-20T20:15:23.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6842 (GCVE-0-2026-6842)

Vulnerability from cvelistv5 – Published: 2026-04-22 07:34 – Updated: 2026-04-22 13:07

Title

Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

Summary

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.

Severity ?

2.5 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2026-6842	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2460018	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

cpe:/o:redhat:enterprise_linux:10

Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Credits

Red Hat would like to thank Michał Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6842",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:07:50.621296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:07:57.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Micha\u0142 Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue."
        }
      ],
      "datePublic": "2026-04-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T07:36:47.825Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-6842"
        },
        {
          "name": "RHBZ#2460018",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460018"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions",
      "workarounds": [
        {
          "lang": "en",
          "value": "Ensure that the system\u0027s umask is configured to a secure value, such as `0022` or `0077`, to prevent the creation of world-writable directories. This can be set system-wide in `/etc/profile` or `/etc/bashrc`, or for individual users in their `~/.bashrc` or `~/.profile`. A secure umask will ensure that newly created directories, including `~/.local` by `nano`, have appropriate permissions."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-732: Incorrect Permission Assignment for Critical Resource"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-6842",
    "datePublished": "2026-04-22T07:34:26.360Z",
    "dateReserved": "2026-04-22T07:20:17.989Z",
    "dateUpdated": "2026-04-22T13:07:57.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4948 (GCVE-0-2026-4948)

Vulnerability from cvelistv5 – Published: 2026-03-27 05:30 – Updated: 2026-03-27 11:21

Title

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

Summary

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-279 - Incorrect Execution-Assigned Permissions

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2026-4948	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2452086	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

cpe:/o:redhat:enterprise_linux:10

Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Credits

Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4948",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T11:21:05.300360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T11:21:20.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unknown",
          "packageName": "firewalld",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "firewalld",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "firewalld",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unknown",
          "packageName": "firewalld",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unknown",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Asim Viladi Oglu Manizada for reporting this issue."
        }
      ],
      "datePublic": "2026-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-279",
              "description": "Incorrect Execution-Assigned Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T05:35:20.262Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-4948"
        },
        {
          "name": "RHBZ#2452086",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452086"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-27T04:44:51.806Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-03-27T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue, ensure that the firewalld desktop policy is not active on systems where local unprivileged user access is a concern. If firewalld is not required, it can be disabled. Disabling firewalld may impact network services that rely on it.\n\nTo disable firewalld:\nsudo systemctl stop firewalld\nsudo systemctl disable firewalld\n\nA system restart or service reload may be required for changes to take full effect."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-279: Incorrect Execution-Assigned Permissions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-4948",
    "datePublished": "2026-03-27T05:30:23.632Z",
    "dateReserved": "2026-03-27T05:23:36.264Z",
    "dateUpdated": "2026-03-27T11:21:20.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-37457 (GCVE-0-2026-37457)

Vulnerability from cvelistv5 – Published: 2026-05-01 00:00 – Updated: 2026-05-01 18:16

Summary

An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

URL

Tags

https://github.com/FRRouting/frr/commit/0e6882bc7…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-37457",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T18:15:57.207525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T18:16:41.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-01T17:42:07.864Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FRRouting/frr/commit/0e6882bc72c0278988a47b2f0f73b7a91099a25c"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-37457",
    "datePublished": "2026-05-01T00:00:00.000Z",
    "dateReserved": "2026-04-06T00:00:00.000Z",
    "dateUpdated": "2026-05-01T18:16:41.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6843 (GCVE-0-2026-6843)

Vulnerability from cvelistv5 – Published: 2026-04-22 08:30 – Updated: 2026-04-22 12:04

Title

Nano: nano: format string vulnerability leads to denial of service

Summary

A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-134 - Use of Externally-Controlled Format String

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2026-6843	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2460017	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Red Hat Enterprise Linux 10

cpe:/o:redhat:enterprise_linux:10

Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Credits

Red Hat would like to thank Michał Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-6843",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T12:04:45.914675Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T12:04:58.643Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "nano",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Micha\u0142 Majchrowicz, Marcin Wyczechowski (AFINE Team) for reporting this issue."
        }
      ],
      "datePublic": "2026-04-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-134",
              "description": "Use of Externally-Controlled Format String",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T08:30:04.572Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-6843"
        },
        {
          "name": "RHBZ#2460017",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460017"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-04-13T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Nano: nano: format string vulnerability leads to denial of service",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-134: Use of Externally-Controlled Format String"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-6843",
    "datePublished": "2026-04-22T08:30:04.572Z",
    "dateReserved": "2026-04-22T07:23:19.148Z",
    "dateUpdated": "2026-04-22T12:04:58.643Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2026-AVI-0558

Solutions

CVE-2026-41526 (GCVE-0-2026-41526)

CVE-2026-3219 (GCVE-0-2026-3219)

CVE-2026-6842 (GCVE-0-2026-6842)

CVE-2026-4948 (GCVE-0-2026-4948)

CVE-2026-37457 (GCVE-0-2026-37457)

CVE-2026-6843 (GCVE-0-2026-6843)

Tags

Sightings

Nomenclature