Common Weakness Enumeration

CWE-841

Improper Enforcement of Behavioral Workflow

The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

CVE-2026-42246 (GCVE-0-2026-42246)

Vulnerability from cvelistv5 – Published: 2026-05-09 19:33 – Updated: 2026-07-02 12:05
VLAI
Title
net-imap vulnerable to STARTTLS stripping via invalid response timing
Summary
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-392 - Missing Report of Error Condition
  • CWE-393 - Return of Wrong Status Code
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
  • CWE-636 - Not Failing Securely ('Failing Open')
  • CWE-841 - Improper Enforcement of Behavioral Workflow
  • CWE-325 - Missing Cryptographic Step
Assigner
References
URL Tags
https://github.com/ruby/net-imap/security/advisor… x_refsource_CONFIRM
https://github.com/ruby/net-imap/commit/0ede4c40b… x_refsource_MISC
https://github.com/ruby/net-imap/commit/24a4e770b… x_refsource_MISC
https://github.com/ruby/net-imap/commit/97e2488fb… x_refsource_MISC
https://github.com/ruby/net-imap/commit/f79d35bf5… x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.3.10 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.4.24 x_refsource_MISC
https://github.com/ruby/net-imap/releases/tag/v0.5.14 x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2026-42246 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2468499 issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:33565 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33540 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33514 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33515 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34076 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33630 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33462 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33512 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33576 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33577 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33721 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33552 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:33551 vendor-advisoryx_refsource_REDHAT
Impacted products
Vendor Product Version
ruby net-imap Affected: < 0.3.10
Affected: >= 0.4.0, < 0.4.24
Affected: >= 0.5.0, < 0.5.14
Affected: >= 0.6.0, < 0.6.4
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.4)     cpe:/a:redhat:rhel_e4s:9.4::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat CodeReady Linux Builder EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::crb
Create a notification for this product.
Red Hat Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)     cpe:/a:redhat:enterprise_linux:9::crb
Create a notification for this product.
Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T02:29:05.120225Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T02:29:15.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::crb"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-09T19:33:17.880Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAP#starttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle (MITM) attacker can inject a predicted tagged OK response before the client completes the STARTTLS command, causing the operation to appear successful without establishing a TLS session. As a result, the connection may continue to transmit sensitive information in cleartext and enable modification of data exchanged over the affected connection, while the application incorrectly believes that encryption has been enabled."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-325",
                "description": "Missing Cryptographic Step",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:05:26.468Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-42246"
          },
          {
            "name": "RHBZ#2468499",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468499"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42246.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33565"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33540"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33514"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33515"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:34076"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33630"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33462"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33512"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33576"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33577"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33721"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33552"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33551"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33565: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33540: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33514: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33515: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:34076: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33630: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33462: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33512: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33576: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33577: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33721: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33552: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33551: Red Hat Hardened Images"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-09T20:01:04.782Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-09T19:33:17.880Z",
            "value": "Made public."
          }
        ],
        "title": "net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS",
        "workarounds": [
          {
            "lang": "en",
            "value": "As a temporary workaround, Users are strongly encouraged to switch from explicit TLS upgrading mechanisms (STARTTLS on port 143) to Implicit TLS connections (such as IMAPS on port 993).\n\nBy enforcing implicit TLS via port 993 from the initial socket creation step, the connection is mathematically protected against packet injection and connection degradation tactics entirely, bypassing the vulnerable implementation path."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "net-imap",
          "vendor": "ruby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.3.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.4.0, \u003c 0.4.24"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.5.0, \u003c 0.5.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.6.0, \u003c 0.6.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return \"successfully\", without starting TLS. This issue has been patched in versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-392",
              "description": "CWE-392: Missing Report of Error Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-393",
              "description": "CWE-393: Return of Wrong Status Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-636",
              "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-09T19:33:17.880Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ruby/net-imap/security/advisories/GHSA-vcgp-9326-pqcp"
        },
        {
          "name": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/commit/0ede4c40b1523dfeaf95777b2678e54cc0fd9618"
        },
        {
          "name": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/commit/24a4e770b43230286a05aa2a9746cdbb3eb8485e"
        },
        {
          "name": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/commit/97e2488fb5401a1783bddd959dde007d9fbce42c"
        },
        {
          "name": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/commit/f79d35bf5833f186e81044c57c843eda30c873da"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.3.10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.3.10"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.4.24",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.4.24"
        },
        {
          "name": "https://github.com/ruby/net-imap/releases/tag/v0.5.14",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ruby/net-imap/releases/tag/v0.5.14"
        }
      ],
      "source": {
        "advisory": "GHSA-vcgp-9326-pqcp",
        "discovery": "UNKNOWN"
      },
      "title": "net-imap vulnerable to STARTTLS stripping via invalid response timing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42246",
    "datePublished": "2026-05-09T19:33:17.880Z",
    "dateReserved": "2026-04-25T05:37:12.118Z",
    "dateUpdated": "2026-07-02T12:05:26.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42303 (GCVE-0-2026-42303)

Vulnerability from cvelistv5 – Published: 2026-05-12 17:29 – Updated: 2026-05-12 18:40
VLAI
Title
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Summary
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletion of a data subject's records across every integration configured in the affected deployment. This vulnerability is fixed in 2.83.2.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-306 - Missing Authentication for Critical Function
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
Impacted products
Vendor Product Version
ethyca fides Affected: >= 2.75.0, < 2.83.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42303",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T18:39:40.374950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T18:40:09.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/ethyca/fides/security/advisories/GHSA-qx5f-ghc2-7g5c"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fides",
          "vendor": "ethyca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.75.0, \u003c 2.83.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletion of a data subject\u0027s records across every integration configured in the affected deployment. This vulnerability is fixed in 2.83.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306: Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T17:29:22.285Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ethyca/fides/security/advisories/GHSA-qx5f-ghc2-7g5c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ethyca/fides/security/advisories/GHSA-qx5f-ghc2-7g5c"
        },
        {
          "name": "https://github.com/ethyca/fides/pull/7971",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ethyca/fides/pull/7971"
        },
        {
          "name": "https://github.com/ethyca/fides/pull/7972",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ethyca/fides/pull/7972"
        },
        {
          "name": "https://github.com/ethyca/fides/commit/0e320b20934eb5af3a3d5127dba2691605d7ff37",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ethyca/fides/commit/0e320b20934eb5af3a3d5127dba2691605d7ff37"
        },
        {
          "name": "https://github.com/ethyca/fides/commit/e7a6527b0f9fdc9887b86a89bb5453e7421882dd",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ethyca/fides/commit/e7a6527b0f9fdc9887b86a89bb5453e7421882dd"
        },
        {
          "name": "https://github.com/ethyca/fides/releases/tag/2.83.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ethyca/fides/releases/tag/2.83.2"
        }
      ],
      "source": {
        "advisory": "GHSA-qx5f-ghc2-7g5c",
        "discovery": "UNKNOWN"
      },
      "title": "Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-42303",
    "datePublished": "2026-05-12T17:29:22.285Z",
    "dateReserved": "2026-04-26T12:13:55.552Z",
    "dateUpdated": "2026-05-12T18:40:09.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-43937 (GCVE-0-2026-43937)

Vulnerability from cvelistv5 – Published: 2026-05-12 14:00 – Updated: 2026-05-12 15:42
VLAI
Title
YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
Summary
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and passes it straight to IDbAccess.RunSql with no caller check, yielding arbitrary SQL execution for any low-privileged user. This vulnerability is fixed in 4.0.5.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
References
Impacted products
Vendor Product Version
YAFNET YAFNET Affected: < 4.0.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-43937",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T15:42:40.301152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T15:42:43.601Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-xhw7-j96h-c3g5"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "YAFNET",
          "vendor": "YAFNET",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, Any admin OnPost\u2026 handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and passes it straight to IDbAccess.RunSql with no caller check, yielding arbitrary SQL execution for any low-privileged user. This vulnerability is fixed in 4.0.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T14:00:35.599Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-xhw7-j96h-c3g5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/YAFNET/YAFNET/security/advisories/GHSA-xhw7-j96h-c3g5"
        }
      ],
      "source": {
        "advisory": "GHSA-xhw7-j96h-c3g5",
        "discovery": "UNKNOWN"
      },
      "title": "YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-43937",
    "datePublished": "2026-05-12T14:00:35.599Z",
    "dateReserved": "2026-05-04T16:59:09.089Z",
    "dateUpdated": "2026-05-12T15:42:43.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-43974 (GCVE-0-2026-43974)

Vulnerability from cvelistv5 – Published: 2026-06-08 14:12 – Updated: 2026-06-08 16:34
VLAI
Title
gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
Summary
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gun_http:handle_inform/8, when a 101 Switching Protocols response is received over HTTP/1.1, the function verifies only that the Upgrade header is syntactically valid and that the stream reference is a plain reference(). It does not check whether the client ever sent an Upgrade or Connection: upgrade header on the corresponding request. Because this check is absent, any 101 response (solicited or not) causes gun to dispatch a gun_upgrade message to the caller and transition the entire connection to raw protocol mode. A malicious or compromised HTTP server can send an unsolicited 101 response to any HTTP/1.1 request, causing the gun client to abandon HTTP framing for that connection. Once in raw mode, gun_raw applies no flow control (flow=infinity) and re-arms socket active mode after every received packet, so the server can flood the client with arbitrary bytes. These are forwarded as unbounded gun_data messages to the owner process, exhausting its mailbox and BEAM memory, ultimately crashing the VM. This issue affects gun: from 2.0.0 before 2.4.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
EEF
Impacted products
Vendor Product Version
ninenines gun Affected: 2.0.0 , < 2.4.0 (semver)
    cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*
Create a notification for this product.
ninenines gun Affected: a3c2edbb8c807717e2f10520c6cf1e77a62eab2e , < 5b48068c29ce5e112cb149b5857c7d4dc319a81b (git)
    cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Peter Ullrich Loïc Hoguin
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-43974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-08T15:41:42.657559Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-08T15:41:49.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "gun_http"
          ],
          "packageName": "gun",
          "packageURL": "pkg:hex/gun",
          "product": "gun",
          "programFiles": [
            "src/gun_http.erl"
          ],
          "programRoutines": [
            {
              "name": "gun_http:handle_inform/8"
            }
          ],
          "repo": "https://github.com/ninenines/gun",
          "vendor": "ninenines",
          "versions": [
            {
              "lessThan": "2.4.0",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://github.com",
          "cpes": [
            "cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "modules": [
            "gun_http"
          ],
          "packageName": "ninenines/gun",
          "packageURL": "pkg:github/ninenines/gun",
          "product": "gun",
          "programFiles": [
            "src/gun_http.erl"
          ],
          "programRoutines": [
            {
              "name": "gun_http:handle_inform/8"
            }
          ],
          "repo": "https://github.com/ninenines/gun.git",
          "vendor": "ninenines",
          "versions": [
            {
              "lessThan": "5b48068c29ce5e112cb149b5857c7d4dc319a81b",
              "status": "affected",
              "version": "a3c2edbb8c807717e2f10520c6cf1e77a62eab2e",
              "versionType": "git"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ninenines:gun:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.4.0",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "AND"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Peter Ullrich"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lo\u00efc Hoguin"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unexpected Status Code or Return Value vulnerability in ninenines gun (\u003ctt\u003egun_http\u003c/tt\u003e module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response.\u003cp\u003eIn \u003ctt\u003egun_http:handle_inform/8\u003c/tt\u003e, when a \u003ctt\u003e101 Switching Protocols\u003c/tt\u003e response is received over HTTP/1.1, the function verifies only that the \u003ctt\u003eUpgrade\u003c/tt\u003e header is syntactically valid and that the stream reference is a plain \u003ctt\u003ereference()\u003c/tt\u003e. It does not check whether the client ever sent an \u003ctt\u003eUpgrade\u003c/tt\u003e or \u003ctt\u003eConnection: upgrade\u003c/tt\u003e header on the corresponding request. Because this check is absent, any 101 response (solicited or not) causes gun to dispatch a \u003ctt\u003egun_upgrade\u003c/tt\u003e message to the caller and transition the entire connection to raw protocol mode.\u003c/p\u003e\u003cp\u003eA malicious or compromised HTTP server can send an unsolicited 101 response to any HTTP/1.1 request, causing the gun client to abandon HTTP framing for that connection. Once in raw mode, \u003ctt\u003egun_raw\u003c/tt\u003e applies no flow control (\u003ctt\u003eflow=infinity\u003c/tt\u003e) and re-arms socket \u003ctt\u003eactive\u003c/tt\u003e mode after every received packet, so the server can flood the client with arbitrary bytes. These are forwarded as unbounded \u003ctt\u003egun_data\u003c/tt\u003e messages to the owner process, exhausting its mailbox and BEAM memory, ultimately crashing the VM.\u003c/p\u003e\u003cp\u003eThis issue affects gun: from 2.0.0 before 2.4.0.\u003c/p\u003e"
            }
          ],
          "value": "Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response.\n\nIn gun_http:handle_inform/8, when a 101 Switching Protocols response is received over HTTP/1.1, the function verifies only that the Upgrade header is syntactically valid and that the stream reference is a plain reference(). It does not check whether the client ever sent an Upgrade or Connection: upgrade header on the corresponding request. Because this check is absent, any 101 response (solicited or not) causes gun to dispatch a gun_upgrade message to the caller and transition the entire connection to raw protocol mode.\n\nA malicious or compromised HTTP server can send an unsolicited 101 response to any HTTP/1.1 request, causing the gun client to abandon HTTP framing for that connection. Once in raw mode, gun_raw applies no flow control (flow=infinity) and re-arms socket active mode after every received packet, so the server can flood the client with arbitrary bytes. These are forwarded as unbounded gun_data messages to the owner process, exhausting its mailbox and BEAM memory, ultimately crashing the VM.\n\nThis issue affects gun: from 2.0.0 before 2.4.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-220",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-220 Client-Server Protocol Manipulation"
            }
          ]
        },
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841 Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-08T16:34:38.989Z",
        "orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
        "shortName": "EEF"
      },
      "references": [
        {
          "tags": [
            "related",
            "third-party-advisory"
          ],
          "url": "https://cna.erlef.org/cves/CVE-2026-43974.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://osv.dev/vulnerability/EEF-CVE-2026-43974"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/ninenines/gun/commit/5b48068c29ce5e112cb149b5857c7d4dc319a81b"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
    "assignerShortName": "EEF",
    "cveId": "CVE-2026-43974",
    "datePublished": "2026-06-08T14:12:36.957Z",
    "dateReserved": "2026-05-04T18:23:25.574Z",
    "dateUpdated": "2026-06-08T16:34:38.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-45023 (GCVE-0-2026-45023)

Vulnerability from cvelistv5 – Published: 2026-05-28 21:30 – Updated: 2026-06-18 16:07
VLAI
Title
AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute
Summary
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user's balance. The credit check that exists in the graph execution path (manager.py) is never reached when blocks are called directly via the external API, allowing unlimited free execution of all blocks. This vulnerability is fixed in 0.6.59.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-770 - Allocation of Resources Without Limits or Throttling
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
References
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45023",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-29T13:36:55.269880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-29T13:36:58.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-8pjg-mfqm-vrhr"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AutoGPT",
          "vendor": "Significant-Gravitas",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.6.59"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.59, POST /api/blocks/{block_id}/execute endpoint executes blocks without consuming any credits, regardless of the user\u0027s balance. The credit check that exists in the graph execution path (manager.py) is never reached when blocks are called directly via the external API, allowing unlimited free execution of all blocks. This vulnerability is fixed in 0.6.59."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T16:07:47.596Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-8pjg-mfqm-vrhr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Significant-Gravitas/AutoGPT/security/advisories/GHSA-8pjg-mfqm-vrhr"
        }
      ],
      "source": {
        "advisory": "GHSA-8pjg-mfqm-vrhr",
        "discovery": "UNKNOWN"
      },
      "title": "AutoGPT: Credit system bypassed via direct block execution in POST /api/blocks/{block_id}/execute"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45023",
    "datePublished": "2026-05-28T21:30:55.329Z",
    "dateReserved": "2026-05-08T16:58:28.896Z",
    "dateUpdated": "2026-06-18T16:07:47.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-46540 (GCVE-0-2026-46540)

Vulnerability from cvelistv5 – Published: 2026-06-09 23:45 – Updated: 2026-06-10 13:00
VLAI
Title
Nimiq light-blockchain: Light blockchain rebranch issue
Summary
Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails to update self.macro_head, self.election_head, self.current_validators, or store the election header in the chain_store. This is in direct contrast with the full Blockchain::rebranch() at blockchain/src/blockchain/push.rs:504-518, which correctly updates all macro/election state when the new head is a macro block. After a rebranch to a macro block, the stale macro_head causes subsequent macro blocks pushed via push() to be verified against the wrong predecessor via verify_macro_successor(&this.macro_head). If the rebranch target was an election block, the stale current_validators causes every subsequent block to fail verify_validators(), completely stalling the light client's chain progression. This issue has been patched in version 1.4.0.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
Impacted products
Vendor Product Version
nimiq core-rs-albatross Affected: < 1.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T12:59:40.645536Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T13:00:12.382Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "core-rs-albatross",
          "vendor": "nimiq",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip is a macro block (checkpoint or election), it only updates self.head but fails to update self.macro_head, self.election_head, self.current_validators, or store the election header in the chain_store. This is in direct contrast with the full Blockchain::rebranch() at blockchain/src/blockchain/push.rs:504-518, which correctly updates all macro/election state when the new head is a macro block. After a rebranch to a macro block, the stale macro_head causes subsequent macro blocks pushed via push() to be verified against the wrong predecessor via verify_macro_successor(\u0026this.macro_head). If the rebranch target was an election block, the stale current_validators causes every subsequent block to fail verify_validators(), completely stalling the light client\u0027s chain progression. This issue has been patched in version 1.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T23:45:01.847Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-m3pg-qc2q-mg8c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-m3pg-qc2q-mg8c"
        },
        {
          "name": "https://github.com/nimiq/core-rs-albatross/pull/3706",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nimiq/core-rs-albatross/pull/3706"
        },
        {
          "name": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nimiq/core-rs-albatross/releases/tag/v1.4.0"
        }
      ],
      "source": {
        "advisory": "GHSA-m3pg-qc2q-mg8c",
        "discovery": "UNKNOWN"
      },
      "title": "Nimiq light-blockchain: Light blockchain rebranch issue"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-46540",
    "datePublished": "2026-06-09T23:45:01.847Z",
    "dateReserved": "2026-05-14T20:42:31.368Z",
    "dateUpdated": "2026-06-10T13:00:12.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-48505 (GCVE-0-2026-48505)

Vulnerability from cvelistv5 – Published: 2026-06-22 21:39 – Updated: 2026-06-23 14:28
VLAI
Title
Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission
Summary
Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user's password and their recovery codes, they get two authenticated sessions per recovery code burned instead of one, or more if they batch the parallel submissions wider, materially extending the attacker's window of access compared to what the single-use guarantee implies. This vulnerability is fixed in 4.11.5 and 5.6.5.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-841 - Improper Enforcement of Behavioral Workflow
Assigner
References
Impacted products
Vendor Product Version
filamentphp filament Affected: >= 4.0.0, < 4.11.5
Affected: >= 5.0.0, < 5.6.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-48505",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-23T14:28:27.382918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-23T14:28:42.081Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "filament",
          "vendor": "filamentphp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.11.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, a flaw in the handling of recovery codes for app-based multi-factor authentication allows the same recovery code to be reused via concurrent submission. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. If an attacker gains access to both the user\u0027s password and their recovery codes, they get two authenticated sessions per recovery code burned instead of one, or more if they batch the parallel submissions wider, materially extending the attacker\u0027s window of access compared to what the single-use guarantee implies. This vulnerability is fixed in 4.11.5 and 5.6.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841: Improper Enforcement of Behavioral Workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-22T21:42:19.537Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/filamentphp/filament/security/advisories/GHSA-mc5j-f6wx-h9qh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/filamentphp/filament/security/advisories/GHSA-mc5j-f6wx-h9qh"
        }
      ],
      "source": {
        "advisory": "GHSA-mc5j-f6wx-h9qh",
        "discovery": "UNKNOWN"
      },
      "title": "Filament: Multi-factor authentication (app) recovery codes can still be used multiple times via concurrent submission"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-48505",
    "datePublished": "2026-06-22T21:39:26.304Z",
    "dateReserved": "2026-05-21T16:18:10.618Z",
    "dateUpdated": "2026-06-23T14:28:42.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-57536 (GCVE-0-2026-57536)

Vulnerability from cvelistv5 – Published: 2026-06-25 14:08 – Updated: 2026-06-25 15:13
VLAI
Title
Insufficient validation of payment status in pretix-mollie
Summary
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-841 - Improper enforcement of behavioral workflow
Assigner
Impacted products
Vendor Product Version
pretix pretix-mollie Affected: 0 , < 2.5.6 (python)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-57536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T15:13:22.598137Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T15:13:30.071Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "pretix-mollie",
          "product": "pretix-mollie",
          "repo": "https://github.com/pretix/pretix-mollie",
          "vendor": "pretix",
          "versions": [
            {
              "lessThan": "2.5.6",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Our payment integration with Mollie did not properly validate payment \nstatus responses. An attacker could use a successful payment status \nresponse from one payment and supply it to the system for a different \npayment, gaining access to multiple valid tickets with only one payment."
            }
          ],
          "value": "Our payment integration with Mollie did not properly validate payment \nstatus responses. An attacker could use a successful payment status \nresponse from one payment and supply it to the system for a different \npayment, gaining access to multiple valid tickets with only one payment."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-21",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-21 Exploitation of Trusted Identifiers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841 Improper enforcement of behavioral workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T14:16:39.008Z",
        "orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
        "shortName": "rami.io"
      },
      "references": [
        {
          "url": "https://pretix.eu/about/en/blog/20260625-release-2026-5-2/"
        }
      ],
      "title": "Insufficient validation of payment status in pretix-mollie",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
    "assignerShortName": "rami.io",
    "cveId": "CVE-2026-57536",
    "datePublished": "2026-06-25T14:08:37.928Z",
    "dateReserved": "2026-06-24T15:59:32.629Z",
    "dateUpdated": "2026-06-25T15:13:30.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8477 (GCVE-0-2026-8477)

Vulnerability from cvelistv5 – Published: 2026-05-22 15:27 – Updated: 2026-05-22 16:51
VLAI
Summary
Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue affects : * Devolutions Server 2026.1.6.0 through 2026.1.16.0 * Devolutions Server 2025.3.20.0 and earlier
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-841 - Improper enforcement of behavioral workflow
Assigner
Impacted products
Vendor Product Version
Devolutions Server Affected: 2026.1.6.0 , ≤ 2026.1.16.0 (custom)
Affected: 0 , ≤ 2025.3.20.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 2.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8477",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T16:51:27.424786Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T16:51:48.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Server",
          "vendor": "Devolutions",
          "versions": [
            {
              "lessThanOrEqual": "2026.1.16.0",
              "status": "affected",
              "version": "2026.1.6.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2025.3.20.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request.\u003cp\u003eThis issue affects :\u003c/p\u003e\u003cul\u003e\u003cli\u003eDevolutions Server 2026.1.6.0 through 2026.1.16.0\u003c/li\u003e\u003cli\u003eDevolutions Server 2025.3.20.0 and earlier\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request.\n\nThis issue affects :\n\n  *  Devolutions Server 2026.1.6.0 through 2026.1.16.0\n  *  Devolutions Server 2025.3.20.0 and earlier"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-841",
              "description": "CWE-841 Improper enforcement of behavioral workflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:27:34.768Z",
        "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
        "shortName": "DEVOLUTIONS"
      },
      "references": [
        {
          "url": "https://devolutions.net/security/advisories/DEVO-2026-0013/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
    "assignerShortName": "DEVOLUTIONS",
    "cveId": "CVE-2026-8477",
    "datePublished": "2026-05-22T15:27:34.768Z",
    "dateReserved": "2026-05-13T13:25:05.015Z",
    "dateUpdated": "2026-05-22T16:51:48.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page