CWE-312
AllowedCleartext Storage of Sensitive Information
Abstraction: Base · Status: Draft
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
1017 vulnerabilities reference this CWE, most recent first.
CVE-2026-8596 (GCVE-0-2026-8596)
Vulnerability from cvelistv5 – Published: 2026-05-14 19:35 – Updated: 2026-05-16 03:56- CWE-312 - Cleartext storage of sensitive information
| URL | Tags |
|---|---|
| https://github.com/aws/sagemaker-python-sdk/relea… | patch |
| https://github.com/aws/sagemaker-python-sdk/relea… | patch |
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://github.com/aws/sagemaker-python-sdk/secur… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon SageMaker Python SDK | AWS |
Affected:
2.199.0 , ≤ 2.257.1
(custom)
Affected: 3.0.0 , ≤ 3.7.1 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:21.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AWS",
"vendor": "Amazon SageMaker Python SDK",
"versions": [
{
"lessThanOrEqual": "2.257.1",
"status": "affected",
"version": "2.199.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "3.7.1",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon_sagemaker_python_sdk:aws:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.257.1",
"versionStartIncluding": "2.199.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:amazon_sagemaker_python_sdk:aws:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.1",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.\u003c/p\u003e\u003cp\u003eTo remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK.\u003c/p\u003e"
}
],
"value": "Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path.\n\n\n\nTo remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext storage of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T19:51:41.804Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.257.2"
},
{
"tags": [
"patch"
],
"url": "https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.8.0"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/2026-031-aws/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-7hh5-prp2-mfh5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2026-8596",
"datePublished": "2026-05-14T19:35:51.421Z",
"dateReserved": "2026-05-14T13:39:22.096Z",
"dateUpdated": "2026-05-16T03:56:21.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7163 (GCVE-0-2026-7163)
Vulnerability from cvelistv5 – Published: 2026-04-30 13:18 – Updated: 2026-07-15 00:40- CWE-312 - Cleartext Storage of Sensitive Information
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:11511 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:11512 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12116 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:12337 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:18584 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:18585 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2026-7163 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2463152 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | multicluster engine for Kubernetes 2.10 |
Unaffected:
1776983527 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.10::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.11 |
Unaffected:
1776987609 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.11::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.7 |
Unaffected:
1777205801 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.7::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.7 |
Unaffected:
1777205772 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.7::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
Unaffected:
1778464111 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.9::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
Unaffected:
1778464072 , < *
(rpm)
cpe:/a:redhat:multicluster_engine:2.9::el9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:35:04.958346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:35:15.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776983527",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776987609",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el8"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-8-rhel8",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777205801",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777205772",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el8"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-8-rhel8",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778464111",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778464072",
"versionType": "rpm"
}
]
}
],
"datePublic": "2026-04-30T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. \n\nThe credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.\n\nThe affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected.\nThis issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.\n\nSuccessful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:40:22.813Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-7163"
},
{
"name": "RHBZ#2463152",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463152"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-7163.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12116"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11511"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11512"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18584"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18585"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:12116: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:12337: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:11511: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:11512: multicluster engine for Kubernetes 2.7"
},
{
"lang": "en",
"value": "RHSA-2026:18584: multicluster engine for Kubernetes 2.9"
},
{
"lang": "en",
"value": "RHSA-2026:18585: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-27T04:18:06.534Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-30T12:00:00.000Z",
"value": "Made public."
}
],
"title": "assisted-service: assisted-service: Authenticated users can gain administrative access to OpenShift clusters via credential disclosure",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776983527",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1776987609",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el8"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-8-rhel8",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777205801",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.7::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1777205772",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el8"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-8-rhel8",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778464111",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"packageName": "multicluster-engine/assisted-service-9-rhel9",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1778464072",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Nick Carboni (Red Hat), Omer Vishlitzky (Red Hat), and Riccardo Piccoli (Red Hat)."
}
],
"datePublic": "2026-04-30T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. \n\nThe credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.\n\nThe affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected.\nThis issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.\n\nSuccessful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T08:09:21.769Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:11511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11511"
},
{
"name": "RHSA-2026:11512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11512"
},
{
"name": "RHSA-2026:12116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12116"
},
{
"name": "RHSA-2026:12337",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:12337"
},
{
"name": "RHSA-2026:18584",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18584"
},
{
"name": "RHSA-2026:18585",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18585"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-7163"
},
{
"name": "RHBZ#2463152",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463152"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-27T04:18:06.534Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-30T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Assisted-service: assisted-service: authenticated users can gain administrative access to openshift clusters via credential disclosure",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-312: Cleartext Storage of Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-7163",
"datePublished": "2026-04-30T13:18:49.088Z",
"dateReserved": "2026-04-27T04:21:23.911Z",
"dateUpdated": "2026-07-15T00:40:22.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6796 (GCVE-0-2026-6796)
Vulnerability from cvelistv5 – Published: 2026-04-21 20:30 – Updated: 2026-04-21 20:40| URL | Tags |
|---|---|
| https://vuldb.com/vuln/358490 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/358490/cti | signaturepermissions-required |
| https://vuldb.com/submit/794797 | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6796",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T20:40:22.690878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:40:36.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:publiccms:publiccms:*:*:*:*:*:*:*:*"
],
"modules": [
"Failed Login Handler"
],
"product": "PublicCMS",
"vendor": "Sanluan",
"versions": [
{
"status": "affected",
"version": "6.202506.a"
},
{
"status": "affected",
"version": "6.202506.b"
},
{
"status": "affected",
"version": "6.202506.c"
},
{
"status": "affected",
"version": "6.202506.d"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LeyNn3H (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext storage in a file or on disk. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:ND/RL:ND/RC:ND",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T20:30:18.556Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358490 | Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358490"
},
{
"name": "VDB-358490 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358490/cti"
},
{
"name": "Submit #794797 | PublicCMS V6.202506.d Insertion of Sensitive Information Into Log Code",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/794797"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-21T16:40:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6796",
"datePublished": "2026-04-21T20:30:18.556Z",
"dateReserved": "2026-04-21T14:35:38.865Z",
"dateUpdated": "2026-04-21T20:40:36.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6598 (GCVE-0-2026-6598)
Vulnerability from cvelistv5 – Published: 2026-04-20 02:45 – Updated: 2026-04-20 16:19| URL | Tags |
|---|---|
| https://vuldb.com/vuln/358233 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/358233/cti | signaturepermissions-required |
| https://vuldb.com/submit/791921 | third-party-advisory |
| https://gist.github.com/chenhouser2025/77adb3486c… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| langflow-ai | langflow |
Affected:
1.8.0
Affected: 1.8.1 Affected: 1.8.2 Affected: 1.8.3 cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6598",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T16:19:05.997149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T16:19:18.233Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:langflow:langflow:*:*:*:*:*:*:*:*"
],
"modules": [
"Project Creation Endpoint"
],
"product": "langflow",
"vendor": "langflow-ai",
"versions": [
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.8.2"
},
{
"status": "affected",
"version": "1.8.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-f (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T02:45:15.874Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358233 | langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358233"
},
{
"name": "VDB-358233 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358233/cti"
},
{
"name": "Submit #791921 | Langflow \u003c= 1.8.3 CWE-311: Missing Encryption of Sensitive Data",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/791921"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/chenhouser2025/77adb3486c06c635ae4b09a3eaf90213"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T15:52:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "langflow-ai langflow Project Creation Endpoint projects.py encrypt_auth_settings cleartext storage in file"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6598",
"datePublished": "2026-04-20T02:45:15.874Z",
"dateReserved": "2026-04-19T13:47:03.207Z",
"dateUpdated": "2026-04-20T16:19:18.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6553 (GCVE-0-2026-6553)
Vulnerability from cvelistv5 – Published: 2026-04-21 10:04 – Updated: 2026-04-21 13:20- CWE-312 - Cleartext storage of sensitive information
| URL | Tags |
|---|---|
| https://typo3.org/security/advisory/typo3-core-sa… | vendor-advisory |
| https://github.com/TYPO3/typo3/commit/9a6e913f707… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T13:20:11.733627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T13:20:23.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "typo3/cms-backend",
"product": "TYPO3 CMS",
"repo": "https://github.com/TYPO3/typo3",
"vendor": "TYPO3",
"versions": [
{
"lessThan": "14.3.0",
"status": "affected",
"version": "14.2.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.3.0",
"versionStartIncluding": "14.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Martin Clewing"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Garvin Hicking"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Stefan B\u00fcrk"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Oliver Hader"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the \u003ccode\u003euc\u003c/code\u003e and \u003ccode\u003euser_settings\u003c/code\u003e fields of the \u003ccode\u003ebe_users\u003c/code\u003e database table. This issue affects TYPO3 CMS version 14.2.0."
}
],
"value": "Changing backend users\u0027 passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext storage of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T10:08:27.342Z",
"orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"shortName": "TYPO3"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2026-005"
},
{
"name": "Git commit of main branch",
"tags": [
"patch"
],
"url": "https://github.com/TYPO3/typo3/commit/9a6e913f70767f63b322ae3e2d2f4e302624c291"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TYPO3 CMS Stores Cleartext Password in User Settings Module",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
"assignerShortName": "TYPO3",
"cveId": "CVE-2026-6553",
"datePublished": "2026-04-21T10:04:02.525Z",
"dateReserved": "2026-04-17T21:40:53.165Z",
"dateUpdated": "2026-04-21T13:20:23.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6332 (GCVE-0-2026-6332)
Vulnerability from cvelistv5 – Published: 2026-05-14 16:54 – Updated: 2026-05-14 18:37- CWE-312 - Cleartext storage of sensitive information
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Ecostruxure™ Machine Expert HVAC |
Affected:
Versions prior to 1.10.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-14T18:37:08.735767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T18:37:23.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ecostruxure\u2122 Machine Expert HVAC",
"vendor": "Schneider Electric",
"versions": [
{
"status": "affected",
"version": "Versions prior to 1.10.0"
}
]
}
],
"datePublic": "2026-05-12T16:49:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it."
}
],
"value": "CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext storage of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T16:54:50.465Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-132-01.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Clear Text Storage of Sensitive Information on EcoStruxure\u2122 Machine Expert HVAC",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2026-6332",
"datePublished": "2026-05-14T16:54:50.465Z",
"dateReserved": "2026-04-15T07:55:30.087Z",
"dateUpdated": "2026-05-14T18:37:23.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5531 (GCVE-0-2026-5531)
Vulnerability from cvelistv5 – Published: 2026-04-05 01:00 – Updated: 2026-04-06 14:51 X_Freeware| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355284 | vdb-entry |
| https://vuldb.com/vuln/355284/cti | signaturepermissions-required |
| https://vuldb.com/submit/782157 | third-party-advisory |
| https://drive.google.com/file/d/1moQEev6skJoIe7Ul… | exploit |
| https://www.sourcecodester.com/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| SourceCodester | Student Result Management System |
Affected:
1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:04:20.674585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:24.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "Student Result Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Humraaz21 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "Cleartext Storage in a File or on Disk",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T01:00:17.893Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355284 | SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355284"
},
{
"name": "VDB-355284 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355284/cti"
},
{
"name": "Submit #782157 | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782157"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:36:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5531",
"datePublished": "2026-04-05T01:00:17.893Z",
"dateReserved": "2026-04-04T06:31:14.683Z",
"dateUpdated": "2026-04-06T14:51:24.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4387 (GCVE-0-2026-4387)
Vulnerability from cvelistv5 – Published: 2026-05-29 18:28 – Updated: 2026-06-01 16:26| URL | Tags |
|---|---|
| https://security.strongdm.com/?tcuUid=56fde839-93… | vendor-advisory |
| https://specterops.io/blog/2026/06/01/cve-2026-43… | related |
| Vendor | Product | Version | |
|---|---|---|---|
| StrongDM | StrongDM Desktop Application |
Affected:
0 , < 23.74.0
(semver)
|
|
| StrongDM | StrongDM Desktop Client |
Affected:
0 , < 53.77.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T19:49:18.108657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:49:33.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "StrongDM Desktop Application",
"vendor": "StrongDM",
"versions": [
{
"lessThan": "23.74.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "StrongDM Desktop Client",
"vendor": "StrongDM",
"versions": [
{
"lessThan": "53.77.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hope Walker, SpecterOps"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eStrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at \u003ccode\u003eC:\\Users\\\u0026lt;username\u0026gt;\\.sdm\\state.kv\u003c/code\u003e. The file is protected only by default user-level NTFS permissions.\u003c/p\u003e\u003cp\u003eExploitation requires local read access to the affected user\u0027s profile directory and additional deployment and execution conditions on the target host.\u003c/p\u003e\u003cp\u003eThe condition was reported through coordinated disclosure by Hope Walker (SpecterOps).\u003c/p\u003e"
}
],
"value": "StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\\Users\\\u003cusername\u003e\\.sdm\\state.kv. The file is protected only by default user-level NTFS permissions.\n\n\n\nExploitation requires local read access to the affected user\u0027s profile directory and additional deployment and execution conditions on the target host.\n\n\n\nThe condition was reported through coordinated disclosure by Hope Walker (SpecterOps)."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker with local read access to the affected user\u0027s profile directory may obtain authentication state stored in the state.kv file. Under specific deployment and execution conditions, the recovered material could be used to authenticate against StrongDM-brokered resources as the affected user."
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:26:35.443Z",
"orgId": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b",
"shortName": "StrongDM"
},
"references": [
{
"name": "StrongDM Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://security.strongdm.com/?tcuUid=56fde839-9388-4361-8d3b-9baa7b2de2ed"
},
{
"tags": [
"related"
],
"url": "https://specterops.io/blog/2026/06/01/cve-2026-4387-strongdm-state-file-reuse/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later). The fixed release protects the state.kv file at rest using a platform-native data-protection mechanism (Windows DPAPI on Windows).\u003c/p\u003e"
}
],
"value": "Upgrade the StrongDM Desktop Application to version 23.74.0 or later (Desktop Client 53.77.0 or later). The fixed release protects the state.kv file at rest using a platform-native data-protection mechanism (Windows DPAPI on Windows)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-19T00:00:00.000Z",
"value": "Initial coordinated disclosure submission received from SpecterOps."
},
{
"lang": "en",
"time": "2025-12-12T00:00:00.000Z",
"value": "Vendor reproduction testing performed on StrongDM Desktop Application 23.51.0."
},
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Fix released in StrongDM Desktop Application 23.74.0 / Desktop Client 53.77.0."
},
{
"lang": "en",
"time": "2026-04-01T13:20:00.000Z",
"value": "Patch validation completed; condition not reproducible on the fixed release."
},
{
"lang": "en",
"time": "2026-05-30T00:00:00.000Z",
"value": "Public disclosure and CVE publication."
}
],
"title": "Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ebf2cdfb-f390-4894-8ec9-f81bf1c57e6b",
"assignerShortName": "StrongDM",
"cveId": "CVE-2026-4387",
"datePublished": "2026-05-29T18:28:00.572Z",
"dateReserved": "2026-03-18T13:52:47.802Z",
"dateUpdated": "2026-06-01T16:26:35.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4346 (GCVE-0-2026-4346)
Vulnerability from cvelistv5 – Published: 2026-03-26 21:16 – Updated: 2026-03-27 19:39- CWE-312 - Cleartext storage of sensitive information
| URL | Tags |
|---|---|
| https://www.tp-link.com/in/support/download/tl-wr… | patch |
| https://www.tp-link.com/us/support/faq/5034/ | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| TP-Link Systems Inc. | TL-WR850N v3 |
Affected:
0 , < V3_0.9.1 Build251205
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T19:28:00.222478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:39:20.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "TL-WR850N v3",
"vendor": "TP-Link Systems Inc.",
"versions": [
{
"lessThan": "V3_0.9.1 Build251205",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anirudh Tarikere Shankarappa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device\u2019s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router\u2019s management password and wireless network key.\n\u003cbr\u003eSuccessful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device\u2019s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the serial port can recover sensitive information, including the router\u2019s management password and wireless network key.\n\nSuccessful exploitation can lead to full administrative control of the device and unauthorized access to the associated wireless network."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext storage of sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T21:16:44.860Z",
"orgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"shortName": "TPLink"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.tp-link.com/in/support/download/tl-wr850n/#Firmware"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.tp-link.com/us/support/faq/5034/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link\u0027s TL-WR850N",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "f23511db-6c3e-4e32-a477-6aa17d310630",
"assignerShortName": "TPLink",
"cveId": "CVE-2026-4346",
"datePublished": "2026-03-26T21:16:44.860Z",
"dateReserved": "2026-03-17T16:03:38.913Z",
"dateUpdated": "2026-03-27T19:39:20.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3277 (GCVE-0-2026-3277)
Vulnerability from cvelistv5 – Published: 2026-02-27 15:11 – Updated: 2026-03-30 20:43- CWE-312 - Cleartext Storage of Sensitive Information
| Vendor | Product | Version | |
|---|---|---|---|
| Devolutions | PowerShell Universal |
Affected:
0 , < 2026.1.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T17:26:17.157053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T20:43:33.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerShell Universal",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2026.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe \u003ccode\u003e.universal/authentication.ps1\u003c/code\u003e script, which allows an attacker with read access to that file to obtain the OIDC client credentials"
}
],
"value": "The OpenID Connect (OIDC) authentication configuration in PowerShell \nUniversal before 2026.1.3 stores the OIDC client secret in cleartext in \nthe .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T15:11:18.252Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2026-0006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2026-3277",
"datePublished": "2026-02-27T15:11:18.252Z",
"dateReserved": "2026-02-26T15:29:18.531Z",
"dateUpdated": "2026-03-30T20:43:33.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to encrypt the data at rest. [REF-1297] [REF-1299] [REF-1301]
Mitigation
In some systems/environments such as cloud, the use of "double encryption" (at both the software and hardware layer) might be required, and the developer might be solely responsible for both layers, instead of shared responsibility with the administrator of the broader system/environment.
CAPEC-37: Retrieve Embedded Sensitive Data
An attacker examines a target system to find sensitive data that has been embedded within it. This information can reveal confidential contents, such as account numbers or individual keys/credentials that can be used as an intermediate step in a larger attack.