Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

420 vulnerabilities reference this CWE, most recent first.

CVE-2026-48069 (GCVE-0-2026-48069)

Vulnerability from cvelistv5 – Published: 2026-07-14 19:42 – Updated: 2026-07-15 13:27
VLAI
Title
@grpc/grps-js: An incoming malformed compressed message can cause a client or server crash
Summary
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
grpc grpc-node Affected: < 1.9.16
Affected: >= 1.10.0, < 1.10.12
Affected: >= 1.11.0, < 1.11.4
Affected: >= 1.12.0, < 1.12.7
Affected: >= 1.13.0, < 1.13.5
Affected: >= 1.14.0, < 1.14.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48069",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-15T13:23:14.814118Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T13:27:06.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grpc-node",
          "vendor": "grpc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.10.0, \u003c 1.10.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.11.0, \u003c 1.11.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.12.0, \u003c 1.12.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.13.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.14.0, \u003c 1.14.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:42:32.883Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-99f4-grh7-6pcq"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/2375eadcc52ca2b1ef55288bcd6355168b02706c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/2375eadcc52ca2b1ef55288bcd6355168b02706c"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a163",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/2fe55fd76a8bb59eaab5f39e3552b5f84985a163"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/4091bd902105f8fb655741758aee71418c48b5d5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/4091bd902105f8fb655741758aee71418c48b5d5"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/b3f16094473b5c8f38b0955eafa4a19507127346",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/b3f16094473b5c8f38b0955eafa4a19507127346"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/b61c4d65953db85c2ae55b4b3cd98a4259dc87cb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/b61c4d65953db85c2ae55b4b3cd98a4259dc87cb"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/b6dcfc3cee9ef390e5869ebea5a8c5ae187720b9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/b6dcfc3cee9ef390e5869ebea5a8c5ae187720b9"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16"
        }
      ],
      "source": {
        "advisory": "GHSA-99f4-grh7-6pcq",
        "discovery": "UNKNOWN"
      },
      "title": "@grpc/grps-js: An incoming malformed compressed message can cause a client or server crash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48069",
    "datePublished": "2026-07-14T19:42:32.883Z",
    "dateReserved": "2026-05-20T18:25:25.708Z",
    "dateUpdated": "2026-07-15T13:27:06.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48068 (GCVE-0-2026-48068)

Vulnerability from cvelistv5 – Published: 2026-07-14 19:39 – Updated: 2026-07-14 19:39
VLAI
Title
@grpc/grps-js: A malformed request can cause a server crash
Summary
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4.
CWE
Assigner
Impacted products
Vendor Product Version
grpc grpc-node Affected: < 1.9.16
Affected: >= 1.11.0, < 1.11.4
Affected: >= 1.12.0, < 1.12.7
Affected: >= 1.13.0, < 1.13.5
Affected: >= 1.14.0, < 1.14.4
Affected: >= 1.10.0, < 1.10.12
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "grpc-node",
          "vendor": "grpc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.11.0, \u003c 1.11.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.12.0, \u003c 1.12.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.13.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.14.0, \u003c 1.14.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.10.0, \u003c 1.10.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in versions 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:39:42.607Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grpc/grpc-node/security/advisories/GHSA-5375-pq7m-f5r2"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/058665a6c6dae445e2ab0f3f6259164fac52ee17",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/058665a6c6dae445e2ab0f3f6259164fac52ee17"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/1cf4bfa738b15e59cc3daf49ffa24c04f9b626f7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/1cf4bfa738b15e59cc3daf49ffa24c04f9b626f7"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad5985668",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/234f9172b2ff35e586ca7d4e788557aad5985668"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/455efce8acb7fb249652a74c1618a6d7daf1faba",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/455efce8acb7fb249652a74c1618a6d7daf1faba"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/b1b7268f7b81b92c6f03f5128dfd871c08aeb903",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/b1b7268f7b81b92c6f03f5128dfd871c08aeb903"
        },
        {
          "name": "https://github.com/grpc/grpc-node/commit/e2c035aab2fe5e55d46d5fc427481497314a53a4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/commit/e2c035aab2fe5e55d46d5fc427481497314a53a4"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.10.12"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.11.4"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.12.7"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.13.5"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.14.4"
        },
        {
          "name": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grpc/grpc-node/releases/tag/%40grpc%2Fgrpc-js%401.9.16"
        }
      ],
      "source": {
        "advisory": "GHSA-5375-pq7m-f5r2",
        "discovery": "UNKNOWN"
      },
      "title": "@grpc/grps-js: A malformed request can cause a server crash"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48068",
    "datePublished": "2026-07-14T19:39:42.607Z",
    "dateReserved": "2026-05-20T18:25:25.708Z",
    "dateUpdated": "2026-07-14T19:39:42.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48038 (GCVE-0-2026-48038)

Vulnerability from cvelistv5 – Published: 2026-07-14 19:24 – Updated: 2026-07-15 13:27
VLAI
Title
joi: Uncaught RangeError on deeply nested input through recursive `link()` schemas
Summary
joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
hapijs joi Affected: < 17.13.4
Affected: >= 18.0.0, < 18.2.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-15T13:23:16.760424Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-15T13:27:13.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "joi",
          "vendor": "hapijs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 17.13.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 18.0.0, \u003c 18.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link() schemas. When validate() is called without try/catch in a request handler, deeply nested input can trigger an unhandled RangeError and potentially crash the process; lower-impact paths using validateAsync() or try/catch produce a RangeError instead of a structured ValidationError. This issue is fixed in versions 17.13.4 and 18.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:24:32.644Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/hapijs/joi/security/advisories/GHSA-q7cg-457f-vx79",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/hapijs/joi/security/advisories/GHSA-q7cg-457f-vx79"
        },
        {
          "name": "https://github.com/hapijs/joi/pull/3113",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hapijs/joi/pull/3113"
        },
        {
          "name": "https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hapijs/joi/commit/97bd51de94d595a2d8949eb3bec0dbdd2f8a7a74"
        },
        {
          "name": "https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hapijs/joi/commit/fc146a628ab9cc250854407722d9f8738c9548e7"
        }
      ],
      "source": {
        "advisory": "GHSA-q7cg-457f-vx79",
        "discovery": "UNKNOWN"
      },
      "title": "joi: Uncaught RangeError on deeply nested input through recursive `link()` schemas"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48038",
    "datePublished": "2026-07-14T19:24:32.644Z",
    "dateReserved": "2026-05-20T18:15:53.577Z",
    "dateUpdated": "2026-07-15T13:27:13.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-47480 (GCVE-0-2026-47480)

Vulnerability from cvelistv5 – Published: 2026-07-14 19:47 – Updated: 2026-07-14 19:47
VLAI
Summary
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service.
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA Triton Inference Server Affected: 0.0 , ≤ 26.04 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Triton Inference Server",
          "vendor": "NVIDIA",
          "versions": [
            {
              "lessThanOrEqual": "26.04",
              "status": "affected",
              "version": "0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an uncaught exception. A successful exploit of this vulnerability might lead to denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Denial of Service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-14T19:47:59.935Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47480"
        },
        {
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47480"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2026-47480",
    "datePublished": "2026-07-14T19:47:59.935Z",
    "dateReserved": "2026-05-19T19:55:38.728Z",
    "dateUpdated": "2026-07-14T19:47:59.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46689 (GCVE-0-2026-46689)

Vulnerability from cvelistv5 – Published: 2026-06-10 20:28 – Updated: 2026-06-11 12:55
VLAI
Title
Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion
Summary
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (≈ 4–12 KB) drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds to stack overflow with std::process::abort() — the entire kanidmd process exits. The parse runs inside axum's Query<ScimEntryGetQuery> extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-248 - Uncaught Exception
  • CWE-400 - Uncontrolled Resource Consumption
  • CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
Vendor Product Version
kanidm kanidm Affected: < 1.9.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46689",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T12:55:52.379516Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T12:55:59.122Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kanidm",
          "vendor": "kanidm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses (\u2248 4\u201312 KB) drives the recursive-descent PEG parser past the worker thread\u0027s stack guard page. Rust responds to stack overflow with std::process::abort() \u2014 the entire kanidmd process exits. The parse runs inside axum\u0027s Query\u003cScimEntryGetQuery\u003e extractor, before any handler body and therefore before any ACL check. This issue has been patched in version 1.9.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T20:28:44.009Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/kanidm/kanidm/security/advisories/GHSA-r5fr-9gmv-jggh"
        },
        {
          "name": "https://github.com/kanidm/kanidm/releases/tag/v1.9.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/kanidm/kanidm/releases/tag/v1.9.3"
        }
      ],
      "source": {
        "advisory": "GHSA-r5fr-9gmv-jggh",
        "discovery": "UNKNOWN"
      },
      "title": "Kanidm: Unauthenticated process abort via SCIM filter stack exhaustion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-46689",
    "datePublished": "2026-06-10T20:28:44.009Z",
    "dateReserved": "2026-05-15T21:46:51.548Z",
    "dateUpdated": "2026-06-11T12:55:59.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46545 (GCVE-0-2026-46545)

Vulnerability from cvelistv5 – Published: 2026-06-09 23:47 – Updated: 2026-06-10 14:38
VLAI
Title
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
Summary
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
nimiq core-rs-albatross Affected: < 1.5.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T14:37:39.248704Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T14:38:24.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "core-rs-albatross",
          "vendor": "nimiq",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::put_chunk allows any state-sync peer to crash any node performing state synchronization (freshly joining nodes and recovering nodes). This issue has been patched in version 1.5.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T23:47:51.072Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-mw3q-r9wh-h2ff"
        },
        {
          "name": "https://github.com/nimiq/core-rs-albatross/pull/3762",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nimiq/core-rs-albatross/pull/3762"
        },
        {
          "name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.5.0"
        }
      ],
      "source": {
        "advisory": "GHSA-mw3q-r9wh-h2ff",
        "discovery": "UNKNOWN"
      },
      "title": "nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-46545",
    "datePublished": "2026-06-09T23:47:51.072Z",
    "dateReserved": "2026-05-14T20:42:31.368Z",
    "dateUpdated": "2026-06-10T14:38:24.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46411 (GCVE-0-2026-46411)

Vulnerability from cvelistv5 – Published: 2026-06-09 23:01 – Updated: 2026-06-10 14:30
VLAI
Title
FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older
Summary
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
halfgaar FlashMQ Affected: < 1.26.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46411",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T14:30:14.609160Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T14:30:30.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FlashMQ",
          "vendor": "halfgaar",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.26.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T23:01:33.212Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/halfgaar/FlashMQ/security/advisories/GHSA-g35r-265r-rxrh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/halfgaar/FlashMQ/security/advisories/GHSA-g35r-265r-rxrh"
        },
        {
          "name": "https://github.com/halfgaar/FlashMQ/commit/29e08f7b97b6e3f96db923c2b6a260c47b49c195",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/halfgaar/FlashMQ/commit/29e08f7b97b6e3f96db923c2b6a260c47b49c195"
        },
        {
          "name": "https://github.com/halfgaar/FlashMQ/releases/tag/v1.26.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/halfgaar/FlashMQ/releases/tag/v1.26.2"
        }
      ],
      "source": {
        "advisory": "GHSA-g35r-265r-rxrh",
        "discovery": "UNKNOWN"
      },
      "title": "FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-46411",
    "datePublished": "2026-06-09T23:01:33.212Z",
    "dateReserved": "2026-05-13T21:04:10.933Z",
    "dateUpdated": "2026-06-10T14:30:30.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45685 (GCVE-0-2026-45685)

Vulnerability from cvelistv5 – Published: 2026-06-02 15:25 – Updated: 2026-06-02 16:42
VLAI
Title
OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages
Summary
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-248 - Uncaught Exception
  • CWE-704 - Incorrect Type Conversion or Cast
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45685",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T16:39:06.866834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T16:42:02.910Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opentelemetry-ebpf-instrumentation",
          "vendor": "open-telemetry",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.1.0, \u003c 0.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-704",
              "description": "CWE-704: Incorrect Type Conversion or Cast",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T15:25:46.895Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-j8p6-96vp-f3r9"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0"
        }
      ],
      "source": {
        "advisory": "GHSA-j8p6-96vp-f3r9",
        "discovery": "UNKNOWN"
      },
      "title": "OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messages"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45685",
    "datePublished": "2026-06-02T15:25:46.895Z",
    "dateReserved": "2026-05-13T04:38:01.163Z",
    "dateUpdated": "2026-06-02T16:42:02.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45676 (GCVE-0-2026-45676)

Vulnerability from cvelistv5 – Published: 2026-06-02 15:23 – Updated: 2026-06-02 17:34
VLAI
Title
OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent
Summary
OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI's replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. This issue has been patched in version 0.9.0.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper Input Validation
  • CWE-248 - Uncaught Exception
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45676",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T17:34:40.172983Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T17:34:51.400Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-wp73-mwgf-4jq9"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "opentelemetry-ebpf-instrumentation",
          "vendor": "open-telemetry",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI\u0027s replacement ELF parser trusts section offsets, counts, and string offsets from the executable file. A crafted local ELF can make OBI dereference invalid section pointers or slice past string tables, causing the agent to panic while determining the process language. This issue has been patched in version 0.9.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T15:23:50.406Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-wp73-mwgf-4jq9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/security/advisories/GHSA-wp73-mwgf-4jq9"
        },
        {
          "name": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.9.0"
        }
      ],
      "source": {
        "advisory": "GHSA-wp73-mwgf-4jq9",
        "discovery": "UNKNOWN"
      },
      "title": "OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agent"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45676",
    "datePublished": "2026-06-02T15:23:50.406Z",
    "dateReserved": "2026-05-12T21:59:25.666Z",
    "dateUpdated": "2026-06-02T17:34:51.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45554 (GCVE-0-2026-45554)

Vulnerability from cvelistv5 – Published: 2026-06-02 15:35 – Updated: 2026-06-02 18:03
VLAI
Title
NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes
Summary
NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-248 - Uncaught Exception
  • CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
Vendor Product Version
zauberzeug nicegui Affected: < 3.12.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45554",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-02T18:03:28.396030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T18:03:46.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nicegui",
          "vendor": "zauberzeug",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette\u0027s FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248: Uncaught Exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T15:35:07.125Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-pq7c-x8g4-rvp6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-pq7c-x8g4-rvp6"
        },
        {
          "name": "https://github.com/zauberzeug/nicegui/releases/tag/v3.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zauberzeug/nicegui/releases/tag/v3.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-pq7c-x8g4-rvp6",
        "discovery": "UNKNOWN"
      },
      "title": "NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45554",
    "datePublished": "2026-06-02T15:35:07.125Z",
    "dateReserved": "2026-05-12T17:48:47.880Z",
    "dateUpdated": "2026-06-02T18:03:46.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.