Common Weakness Enumeration
CWE-248
AllowedUncaught Exception
Abstraction: Base · Status: Draft
An exception is thrown from a function, but it is not caught.
420 vulnerabilities reference this CWE, most recent first.
CVE-2026-48069 (GCVE-0-2026-48069)
Vulnerability from cvelistv5 – Published: 2026-07-14 19:42 – Updated: 2026-07-15 13:27
VLAI
EPSS
VEX
Title
@grpc/grps-js: An incoming malformed compressed message can cause a client or server crash
Summary
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://github.com/grpc/grpc-node/security/adviso… | x_refsource_CONFIRM |
| https://github.com/grpc/grpc-node/commit/2375eadc… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/2fe55fd7… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/4091bd90… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/b3f16094… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/b61c4d65… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/b6dcfc3c… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T13:23:14.814118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T13:27:06.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grpc-node",
"vendor": "grpc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.16"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.12"
},
{
"status": "affected",
"version": "\u003e= 1.11.0, \u003c 1.11.4"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.7"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.5"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:42:32.883Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq"
},
{
"name": "https://github.com/grpc/grpc-node/commit/2375eadcc52ca2b1ef55288bcd6355168b02706c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/2375eadcc52ca2b1ef55288bcd6355168b02706c"
},
{
"name": "https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a163",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a163"
},
{
"name": "https://github.com/grpc/grpc-node/commit/4091bd902105f8fb655741758aee71418c48b5d5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/4091bd902105f8fb655741758aee71418c48b5d5"
},
{
"name": "https://github.com/grpc/grpc-node/commit/b3f16094473b5c8f38b0955eafa4a19507127346",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/b3f16094473b5c8f38b0955eafa4a19507127346"
},
{
"name": "https://github.com/grpc/grpc-node/commit/b61c4d65953db85c2ae55b4b3cd98a4259dc87cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/b61c4d65953db85c2ae55b4b3cd98a4259dc87cb"
},
{
"name": "https://github.com/grpc/grpc-node/commit/b6dcfc3cee9ef390e5869ebea5a8c5ae187720b9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/b6dcfc3cee9ef390e5869ebea5a8c5ae187720b9"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16"
}
],
"source": {
"advisory": "GHSA-99f4-grh7-6pcq",
"discovery": "UNKNOWN"
},
"title": "@grpc/grps-js: An incoming malformed compressed message can cause a client or server crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48069",
"datePublished": "2026-07-14T19:42:32.883Z",
"dateReserved": "2026-05-20T18:25:25.708Z",
"dateUpdated": "2026-07-15T13:27:06.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48068 (GCVE-0-2026-48068)
Vulnerability from cvelistv5 – Published: 2026-07-14 19:39 – Updated: 2026-07-14 19:39
VLAI
EPSS
VEX
Title
@grpc/grps-js: A malformed request can cause a server crash
Summary
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
Severity
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://github.com/grpc/grpc-node/security/adviso… | x_refsource_CONFIRM |
| https://github.com/grpc/grpc-node/commit/058665a6… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/1cf4bfa7… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/234f9172… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/455efce8… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/b1b7268f… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/commit/e2c035aa… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
| https://github.com/grpc/grpc-node/releases/tag/%4… | x_refsource_MISC |
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"product": "grpc-node",
"vendor": "grpc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.16"
},
{
"status": "affected",
"version": "\u003e= 1.11.0, \u003c 1.11.4"
},
{
"status": "affected",
"version": "\u003e= 1.12.0, \u003c 1.12.7"
},
{
"status": "affected",
"version": "\u003e= 1.13.0, \u003c 1.13.5"
},
{
"status": "affected",
"version": "\u003e= 1.14.0, \u003c 1.14.4"
},
{
"status": "affected",
"version": "\u003e= 1.10.0, \u003c 1.10.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:39:42.607Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2"
},
{
"name": "https://github.com/grpc/grpc-node/commit/058665a6c6dae445e2ab0f3f6259164fac52ee17",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/058665a6c6dae445e2ab0f3f6259164fac52ee17"
},
{
"name": "https://github.com/grpc/grpc-node/commit/1cf4bfa738b15e59cc3daf49ffa24c04f9b626f7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/1cf4bfa738b15e59cc3daf49ffa24c04f9b626f7"
},
{
"name": "https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad5985668",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad5985668"
},
{
"name": "https://github.com/grpc/grpc-node/commit/455efce8acb7fb249652a74c1618a6d7daf1faba",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/455efce8acb7fb249652a74c1618a6d7daf1faba"
},
{
"name": "https://github.com/grpc/grpc-node/commit/b1b7268f7b81b92c6f03f5128dfd871c08aeb903",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/b1b7268f7b81b92c6f03f5128dfd871c08aeb903"
},
{
"name": "https://github.com/grpc/grpc-node/commit/e2c035aab2fe5e55d46d5fc427481497314a53a4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/commit/e2c035aab2fe5e55d46d5fc427481497314a53a4"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4"
},
{
"name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16"
}
],
"source": {
"advisory": "GHSA-5375-pq7m-f5r2",
"discovery": "UNKNOWN"
},
"title": "@grpc/grps-js: A malformed request can cause a server crash"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48068",
"datePublished": "2026-07-14T19:39:42.607Z",
"dateReserved": "2026-05-20T18:25:25.708Z",
"dateUpdated": "2026-07-14T19:39:42.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48038 (GCVE-0-2026-48038)
Vulnerability from cvelistv5 – Published: 2026-07-14 19:24 – Updated: 2026-07-15 13:27
VLAI
EPSS
VEX
Title
joi: Uncaught RangeError on deeply nested input through recursive `link()` schemas
Summary
joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/hapijs/joi/security/advisories… | x_refsource_CONFIRM |
| https://github.com/hapijs/joi/pull/3113 | x_refsource_MISC |
| https://github.com/hapijs/joi/commit/97bd51de94d5… | x_refsource_MISC |
| https://github.com/hapijs/joi/commit/fc146a628ab9… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T13:23:16.760424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T13:27:13.334Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "joi",
"vendor": "hapijs",
"versions": [
{
"status": "affected",
"version": "\u003c 17.13.4"
},
{
"status": "affected",
"version": "\u003e= 18.0.0, \u003c 18.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:24:32.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hapijs/joi/security/advisories/GHSA-q7cg-457f-vx79",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hapijs/joi/security/advisories/GHSA-q7cg-457f-vx79"
},
{
"name": "https://github.com/hapijs/joi/pull/3113",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hapijs/joi/pull/3113"
},
{
"name": "https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74"
},
{
"name": "https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7"
}
],
"source": {
"advisory": "GHSA-q7cg-457f-vx79",
"discovery": "UNKNOWN"
},
"title": "joi: Uncaught RangeError on deeply nested input through recursive `link()` schemas"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48038",
"datePublished": "2026-07-14T19:24:32.644Z",
"dateReserved": "2026-05-20T18:15:53.577Z",
"dateUpdated": "2026-07-15T13:27:13.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-47480 (GCVE-0-2026-47480)
Vulnerability from cvelistv5 – Published: 2026-07-14 19:47 – Updated: 2026-07-14 19:47
VLAI
EPSS
VEX
Summary
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service.
Severity
7.5 (High)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | Triton Inference Server |
Affected:
0.0 , ≤ 26.04
(custom)
|
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Triton Inference Server",
"vendor": "NVIDIA",
"versions": [
{
"lessThanOrEqual": "26.04",
"status": "affected",
"version": "0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service."
}
],
"value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of Service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T19:47:59.935Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47480"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47480"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2026-47480",
"datePublished": "2026-07-14T19:47:59.935Z",
"dateReserved": "2026-05-19T19:55:38.728Z",
"dateUpdated": "2026-07-14T19:47:59.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46689 (GCVE-0-2026-46689)
Vulnerability from cvelistv5 – Published: 2026-06-10 20:28 – Updated: 2026-06-11 12:55
VLAI
EPSS
VEX
Title
Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
Summary
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kanidm/kanidm/security/advisor… | x_refsource_CONFIRM |
| https://github.com/kanidm/kanidm/releases/tag/v1.9.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46689",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-11T12:55:52.379516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T12:55:59.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "kanidm",
"vendor": "kanidm",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (\u2248 4\u201312 KB) drives the recursive-descent PEG parser past the worker thread\u0027s stack guard page. Rust responds to stack overflow with std::process::abort() \u2014 the entire kanidmd process exits. The parse runs inside axum\u0027s Query\u003cScimEntryGetQuery\u003e extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T20:28:44.009Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh"
},
{
"name": "https://github.com/kanidm/kanidm/releases/tag/v1.9.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kanidm/kanidm/releases/tag/v1.9.3"
}
],
"source": {
"advisory": "GHSA-r5fr-9gmv-jggh",
"discovery": "UNKNOWN"
},
"title": "Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46689",
"datePublished": "2026-06-10T20:28:44.009Z",
"dateReserved": "2026-05-15T21:46:51.548Z",
"dateUpdated": "2026-06-11T12:55:59.122Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46545 (GCVE-0-2026-46545)
Vulnerability from cvelistv5 – Published: 2026-06-09 23:47 – Updated: 2026-06-10 14:38
VLAI
EPSS
VEX
Title
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Summary
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nimiq/core-rs-albatross/securi… | x_refsource_CONFIRM |
| https://github.com/nimiq/core-rs-albatross/pull/3762 | x_refsource_MISC |
| https://github.com/nimiq/core-rs-albatross/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nimiq | core-rs-albatross |
Affected:
< 1.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T14:37:39.248704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:38:24.123Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "core-rs-albatross",
"vendor": "nimiq",
"versions": [
{
"status": "affected",
"version": "\u003c 1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:47:51.072Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff"
},
{
"name": "https://github.com/nimiq/core-rs-albatross/pull/3762",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nimiq/core-rs-albatross/pull/3762"
},
{
"name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0"
}
],
"source": {
"advisory": "GHSA-mw3q-r9wh-h2ff",
"discovery": "UNKNOWN"
},
"title": "nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46545",
"datePublished": "2026-06-09T23:47:51.072Z",
"dateReserved": "2026-05-14T20:42:31.368Z",
"dateUpdated": "2026-06-10T14:38:24.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46411 (GCVE-0-2026-46411)
Vulnerability from cvelistv5 – Published: 2026-06-09 23:01 – Updated: 2026-06-10 14:30
VLAI
EPSS
VEX
Title
FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older
Summary
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/halfgaar/FlashMQ/security/advi… | x_refsource_CONFIRM |
| https://github.com/halfgaar/FlashMQ/commit/29e08f… | x_refsource_MISC |
| https://github.com/halfgaar/FlashMQ/releases/tag/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T14:30:14.609160Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:30:30.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FlashMQ",
"vendor": "halfgaar",
"versions": [
{
"status": "affected",
"version": "\u003c 1.26.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T23:01:33.212Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/halfgaar/FlashMQ/security/advisories/GHSA-g35r-265r-rxrh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/halfgaar/FlashMQ/security/advisories/GHSA-g35r-265r-rxrh"
},
{
"name": "https://github.com/halfgaar/FlashMQ/commit/29e08f7b97b6e3f96db923c2b6a260c47b49c195",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/halfgaar/FlashMQ/commit/29e08f7b97b6e3f96db923c2b6a260c47b49c195"
},
{
"name": "https://github.com/halfgaar/FlashMQ/releases/tag/v1.26.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/halfgaar/FlashMQ/releases/tag/v1.26.2"
}
],
"source": {
"advisory": "GHSA-g35r-265r-rxrh",
"discovery": "UNKNOWN"
},
"title": "FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46411",
"datePublished": "2026-06-09T23:01:33.212Z",
"dateReserved": "2026-05-13T21:04:10.933Z",
"dateUpdated": "2026-06-10T14:30:30.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45685 (GCVE-0-2026-45685)
Vulnerability from cvelistv5 – Published: 2026-06-02 15:25 – Updated: 2026-06-02 16:42
VLAI
EPSS
VEX
Title
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
Summary
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/open-telemetry/opentelemetry-e… | x_refsource_CONFIRM |
| https://github.com/open-telemetry/opentelemetry-e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| open-telemetry | opentelemetry-ebpf-instrumentation |
Affected:
>= 0.1.0, < 0.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45685",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T16:39:06.866834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:42:02.910Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opentelemetry-ebpf-instrumentation",
"vendor": "open-telemetry",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.0, \u003c 0.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-704",
"description": "CWE-704: Incorrect Type Conversion or Cast",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:25:46.895Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0"
}
],
"source": {
"advisory": "GHSA-j8p6-96vp-f3r9",
"discovery": "UNKNOWN"
},
"title": "OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45685",
"datePublished": "2026-06-02T15:25:46.895Z",
"dateReserved": "2026-05-13T04:38:01.163Z",
"dateUpdated": "2026-06-02T16:42:02.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45676 (GCVE-0-2026-45676)
Vulnerability from cvelistv5 – Published: 2026-06-02 15:23 – Updated: 2026-06-02 17:34
VLAI
EPSS
VEX
Title
OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent
Summary
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. This issue has been patched in version 0.9.0.
Severity
5.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/open-telemetry/opentelemetry-e… | x_refsource_CONFIRM |
| https://github.com/open-telemetry/opentelemetry-e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| open-telemetry | opentelemetry-ebpf-instrumentation |
Affected:
< 0.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45676",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T17:34:40.172983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T17:34:51.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-wp73-mwgf-4jq9"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opentelemetry-ebpf-instrumentation",
"vendor": "open-telemetry",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI\u0027s replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. This issue has been patched in version 0.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:23:50.406Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-wp73-mwgf-4jq9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-wp73-mwgf-4jq9"
},
{
"name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0"
}
],
"source": {
"advisory": "GHSA-wp73-mwgf-4jq9",
"discovery": "UNKNOWN"
},
"title": "OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45676",
"datePublished": "2026-06-02T15:23:50.406Z",
"dateReserved": "2026-05-12T21:59:25.666Z",
"dateUpdated": "2026-06-02T17:34:51.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-45554 (GCVE-0-2026-45554)
Vulnerability from cvelistv5 – Published: 2026-06-02 15:35 – Updated: 2026-06-02 18:03
VLAI
EPSS
VEX
Title
NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
Summary
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/zauberzeug/nicegui/security/ad… | x_refsource_CONFIRM |
| https://github.com/zauberzeug/nicegui/releases/ta… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| zauberzeug | nicegui |
Affected:
< 3.12.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T18:03:28.396030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T18:03:46.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nicegui",
"vendor": "zauberzeug",
"versions": [
{
"status": "affected",
"version": "\u003c 3.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette\u0027s FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:35:07.125Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-pq7c-x8g4-rvp6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-pq7c-x8g4-rvp6"
},
{
"name": "https://github.com/zauberzeug/nicegui/releases/tag/v3.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zauberzeug/nicegui/releases/tag/v3.12.0"
}
],
"source": {
"advisory": "GHSA-pq7c-x8g4-rvp6",
"discovery": "UNKNOWN"
},
"title": "NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45554",
"datePublished": "2026-06-02T15:35:07.125Z",
"dateReserved": "2026-05-12T17:48:47.880Z",
"dateUpdated": "2026-06-02T18:03:46.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.