Vulnerability-Lookup

Vulnerability from cleanstart

Published

2026-06-08 14:16

Modified

2026-06-03 12:46

Summary

Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-25934, CVE-2026-26958, CVE-2026-27136, CVE-2026-27145, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8, ghsa-crhj-59gh-8x96, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-m3xc-h892-ggx6, ghsa-m7cr-m3pv-hgrp, ghsa-p436-gjf2-799p, ghsa-qw64-3x98-g7q2, ghsa-w5pp-99ch-qj29, ghsa-w8rr-5gcm-pp58 applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0, 4.0.3-r0, 4.0.4-r0, 4.0.4-r1, 4.0.5-r0

Details

Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-15558	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2026-25680	WEB
	https://osv.dev/vulnerability/CVE-2026-25681	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/CVE-2026-26958	WEB
	https://osv.dev/vulnerability/CVE-2026-27136	WEB
	https://osv.dev/vulnerability/CVE-2026-27145	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/CVE-2026-33811	WEB
	https://osv.dev/vulnerability/CVE-2026-33814	WEB
	https://osv.dev/vulnerability/CVE-2026-33815	WEB
	https://osv.dev/vulnerability/CVE-2026-33816	WEB
	https://osv.dev/vulnerability/CVE-2026-34986	WEB
	https://osv.dev/vulnerability/CVE-2026-35469	WEB
	https://osv.dev/vulnerability/CVE-2026-39817	WEB
	https://osv.dev/vulnerability/CVE-2026-39819	WEB
	https://osv.dev/vulnerability/CVE-2026-39820	WEB
	https://osv.dev/vulnerability/CVE-2026-39821	WEB
	https://osv.dev/vulnerability/CVE-2026-39823	WEB
	https://osv.dev/vulnerability/CVE-2026-39824	WEB
	https://osv.dev/vulnerability/CVE-2026-39825	WEB
	https://osv.dev/vulnerability/CVE-2026-39826	WEB
	https://osv.dev/vulnerability/CVE-2026-39827	WEB
	https://osv.dev/vulnerability/CVE-2026-39828	WEB
	https://osv.dev/vulnerability/CVE-2026-39829	WEB
	https://osv.dev/vulnerability/CVE-2026-39830	WEB
	https://osv.dev/vulnerability/CVE-2026-39831	WEB
	https://osv.dev/vulnerability/CVE-2026-39832	WEB
	https://osv.dev/vulnerability/CVE-2026-39833	WEB
	https://osv.dev/vulnerability/CVE-2026-39834	WEB
	https://osv.dev/vulnerability/CVE-2026-39835	WEB
	https://osv.dev/vulnerability/CVE-2026-39836	WEB
	https://osv.dev/vulnerability/CVE-2026-39882	WEB
	https://osv.dev/vulnerability/CVE-2026-39883	WEB
	https://osv.dev/vulnerability/CVE-2026-42499	WEB
	https://osv.dev/vulnerability/CVE-2026-42501	WEB
	https://osv.dev/vulnerability/CVE-2026-42502	WEB
	https://osv.dev/vulnerability/CVE-2026-42504	WEB
	https://osv.dev/vulnerability/CVE-2026-42506	WEB
	https://osv.dev/vulnerability/CVE-2026-42507	WEB
	https://osv.dev/vulnerability/CVE-2026-42508	WEB
	https://osv.dev/vulnerability/CVE-2026-44740	WEB
	https://osv.dev/vulnerability/CVE-2026-44973	WEB
	https://osv.dev/vulnerability/CVE-2026-45022	WEB
	https://osv.dev/vulnerability/CVE-2026-45570	WEB
	https://osv.dev/vulnerability/CVE-2026-45571	WEB
	https://osv.dev/vulnerability/CVE-2026-46595	WEB
	https://osv.dev/vulnerability/CVE-2026-46597	WEB
	https://osv.dev/vulnerability/CVE-2026-46598	WEB
	https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm	WEB
	https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm	WEB
	https://osv.dev/vulnerability/ghsa-37cx-329c-33x3	WEB
	https://osv.dev/vulnerability/ghsa-389r-gv7p-r3rp	WEB
	https://osv.dev/vulnerability/ghsa-3xc5-wrhm-f963	WEB
	https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8	WEB
	https://osv.dev/vulnerability/ghsa-crhj-59gh-8x96	WEB
	https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h	WEB
	https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr	WEB
	https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx	WEB
	https://osv.dev/vulnerability/ghsa-j88v-2chj-qfwx	WEB
	https://osv.dev/vulnerability/ghsa-m3xc-h892-ggx6	WEB
	https://osv.dev/vulnerability/ghsa-m7cr-m3pv-hgrp	WEB
	https://osv.dev/vulnerability/ghsa-p436-gjf2-799p	WEB
	https://osv.dev/vulnerability/ghsa-qw64-3x98-g7q2	WEB
	https://osv.dev/vulnerability/ghsa-w5pp-99ch-qj29	WEB
	https://osv.dev/vulnerability/ghsa-w8rr-5gcm-pp58	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-15558	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25680	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25681	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-26958	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27136	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27145	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33811	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33814	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33815	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33816	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34986	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-35469	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39821	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39824	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39825	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39826	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39827	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39828	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39829	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39830	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39831	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39832	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39833	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39834	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39835	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39836	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39882	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39883	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42499	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42501	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42502	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42504	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42506	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42507	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42508	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44740	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44973	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-45022	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-45570	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-45571	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-46595	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-46597	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-46598	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-workflows"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.0.5-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-VD47610",
  "modified": "2026-06-03T12:46:00Z",
  "published": "2026-06-08T14:16:36.248364Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VD47610.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25680"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25681"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27136"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33815"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33816"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34986"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-35469"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39821"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39827"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39828"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39829"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39830"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39831"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39832"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39833"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39835"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39882"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42501"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42502"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42504"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42506"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42507"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42508"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44740"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44973"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-45022"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-45570"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-45571"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-46595"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-46597"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-46598"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-389r-gv7p-r3rp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3xc5-wrhm-f963"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-crhj-59gh-8x96"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j88v-2chj-qfwx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m3xc-h892-ggx6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m7cr-m3pv-hgrp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p436-gjf2-799p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qw64-3x98-g7q2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w5pp-99ch-qj29"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w8rr-5gcm-pp58"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25680"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25681"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27136"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33815"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33816"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35469"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39827"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39831"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39833"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39882"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42502"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42504"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42506"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42507"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44740"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44973"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45022"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45570"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45571"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46598"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-25934, CVE-2026-26958, CVE-2026-27136, CVE-2026-27145, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-44740, CVE-2026-44973, CVE-2026-45022, CVE-2026-45570, CVE-2026-45571, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-389r-gv7p-r3rp, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8, ghsa-crhj-59gh-8x96, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-m3xc-h892-ggx6, ghsa-m7cr-m3pv-hgrp, ghsa-p436-gjf2-799p, ghsa-qw64-3x98-g7q2, ghsa-w5pp-99ch-qj29, ghsa-w8rr-5gcm-pp58 applied in versions: 3.6.16-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0, 4.0.3-r0, 4.0.4-r0, 4.0.4-r1, 4.0.5-r0",
  "upstream": [
    "CVE-2025-15558",
    "CVE-2025-61729",
    "CVE-2026-25680",
    "CVE-2026-25681",
    "CVE-2026-25934",
    "CVE-2026-26958",
    "CVE-2026-27136",
    "CVE-2026-27145",
    "CVE-2026-33186",
    "CVE-2026-33811",
    "CVE-2026-33814",
    "CVE-2026-33815",
    "CVE-2026-33816",
    "CVE-2026-34986",
    "CVE-2026-35469",
    "CVE-2026-39817",
    "CVE-2026-39819",
    "CVE-2026-39820",
    "CVE-2026-39821",
    "CVE-2026-39823",
    "CVE-2026-39824",
    "CVE-2026-39825",
    "CVE-2026-39826",
    "CVE-2026-39827",
    "CVE-2026-39828",
    "CVE-2026-39829",
    "CVE-2026-39830",
    "CVE-2026-39831",
    "CVE-2026-39832",
    "CVE-2026-39833",
    "CVE-2026-39834",
    "CVE-2026-39835",
    "CVE-2026-39836",
    "CVE-2026-39882",
    "CVE-2026-39883",
    "CVE-2026-42499",
    "CVE-2026-42501",
    "CVE-2026-42502",
    "CVE-2026-42504",
    "CVE-2026-42506",
    "CVE-2026-42507",
    "CVE-2026-42508",
    "CVE-2026-44740",
    "CVE-2026-44973",
    "CVE-2026-45022",
    "CVE-2026-45570",
    "CVE-2026-45571",
    "CVE-2026-46595",
    "CVE-2026-46597",
    "CVE-2026-46598",
    "ghsa-2464-8j7c-4cjm",
    "ghsa-2x5j-vhc8-9cwm",
    "ghsa-37cx-329c-33x3",
    "ghsa-389r-gv7p-r3rp",
    "ghsa-3xc5-wrhm-f963",
    "ghsa-78h2-9frx-2jm8",
    "ghsa-crhj-59gh-8x96",
    "ghsa-fv92-fjc5-jj9h",
    "ghsa-fw7p-63qq-7hpr",
    "ghsa-hfvc-g4fc-pqhx",
    "ghsa-j88v-2chj-qfwx",
    "ghsa-m3xc-h892-ggx6",
    "ghsa-m7cr-m3pv-hgrp",
    "ghsa-p436-gjf2-799p",
    "ghsa-qw64-3x98-g7q2",
    "ghsa-w5pp-99ch-qj29",
    "ghsa-w8rr-5gcm-pp58"
  ]
}

CVE-2025-15558 (GCVE-0-2025-15558)

Vulnerability from cvelistv5 – Published: 2026-03-04 16:14 – Updated: 2026-03-05 04:55

Title

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Summary

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

Severity

7 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

Docker

References

3 references

URL	Tags
https://docs.docker.com/desktop/release-notes/
https://www.zerodayinitiative.com/advisories/ZDI-…	third-party-advisory
https://github.com/docker/cli/pull/6713	patch

Impacted products

2 products

Vendor	Product	Version
Docker	Docker CLI	Unaffected: 29.2.0 (semver)
Docker	Compose	Unaffected: 5.1.0 (semver)

Credits

Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-04T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-05T04:55:47.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "platforms": [
            "Windows"
          ],
          "product": "Docker CLI",
          "vendor": "Docker",
          "versions": [
            {
              "status": "unaffected",
              "version": "29.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Compose",
          "vendor": "Docker",
          "versions": [
            {
              "status": "unaffected",
              "version": "5.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDocker CLI for Windows searches for plugin binaries in \u003ccode\u003eC:\\ProgramData\\Docker\\cli-plugins\u003c/code\u003e, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the \u003ccode\u003edocker\u003c/code\u003e\u0026nbsp;CLI is executed as a privileged user.\u003c/p\u003e\u003cp\u003eThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager\"\u003e\u003ccode\u003egithub.com/docker/cli/cli-plugins/manager\u003c/code\u003e\u003c/a\u003e\u0026nbsp;package, such as Docker Compose.\u003c/p\u003e\u003cp\u003eThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker\u00a0CLI is executed as a privileged user.\n\nThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the  github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager \u00a0package, such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-38",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
            }
          ]
        },
        {
          "capecId": "CAPEC-471",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-471 Search Order Hijacking"
            }
          ]
        },
        {
          "capecId": "CAPEC-640",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-640 Inclusion of Code in Existing Process"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T16:14:32.045Z",
        "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "shortName": "Docker"
      },
      "references": [
        {
          "url": "https://docs.docker.com/desktop/release-notes/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/docker/cli/pull/6713"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
    "assignerShortName": "Docker",
    "cveId": "CVE-2025-15558",
    "datePublished": "2026-03-04T16:14:32.045Z",
    "dateReserved": "2026-02-03T19:51:18.184Z",
    "dateUpdated": "2026-03-05T04:55:47.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-61729 (GCVE-0-2025-61729)

Vulnerability from cvelistv5 – Published: 2025-12-02 18:54 – Updated: 2025-12-03 19:37

Title

Excessive resource consumption when printing error string for host certificate validation in crypto/x509

Summary

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

4 references

URL	Tags
https://go.dev/cl/725920
https://go.dev/issue/76445
https://groups.google.com/g/golang-announce/c/8FJ…
https://pkg.go.dev/vuln/GO-2025-4155

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/x509	Affected: 0 , < 1.24.11 (semver) Affected: 1.25.0 , < 1.25.5 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-61729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-02T21:52:36.341575Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-02T21:52:58.224Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "Certificate.VerifyHostname"
            },
            {
              "name": "Certificate.Verify"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.5",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-03T19:37:14.903Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/725920"
        },
        {
          "url": "https://go.dev/issue/76445"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4155"
        }
      ],
      "title": "Excessive resource consumption when printing error string for host certificate validation in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-61729",
    "datePublished": "2025-12-02T18:54:10.166Z",
    "dateReserved": "2025-09-30T15:05:03.605Z",
    "dateUpdated": "2025-12-03T19:37:14.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25680 (GCVE-0-2026-25680)

Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-05-22 17:00

Title

Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Summary

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

References

4 references

URL	Tags
https://go.dev/cl/781702
https://go.dev/issue/79573
https://groups.google.com/g/golang-announce/c/iI-…
https://pkg.go.dev/vuln/GO-2026-5028

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.55.0 (semver)

Credits

IPC Labs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-25680",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:00:30.926552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:00:35.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.55.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "IPC Labs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:01:21.805Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/781702"
        },
        {
          "url": "https://go.dev/issue/79573"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5028"
        }
      ],
      "title": "Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-25680",
    "datePublished": "2026-05-22T15:01:21.805Z",
    "dateReserved": "2026-02-05T01:35:43.737Z",
    "dateUpdated": "2026-05-22T17:00:35.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25681 (GCVE-0-2026-25681)

Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-05-22 17:46

Title

Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Summary

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

References

4 references

URL	Tags
https://go.dev/issue/79574
https://groups.google.com/g/golang-announce/c/iI-…
https://go.dev/cl/781703
https://pkg.go.dev/vuln/GO-2026-5029

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.55.0 (semver)

Credits

ensy

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-25681",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T17:46:00.775026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T17:46:20.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.55.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ensy"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:01:21.975Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79574"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
        },
        {
          "url": "https://go.dev/cl/781703"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5029"
        }
      ],
      "title": "Invoking  incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-25681",
    "datePublished": "2026-05-22T15:01:21.975Z",
    "dateReserved": "2026-02-05T01:35:43.738Z",
    "dateUpdated": "2026-05-22T17:46:20.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-25934 (GCVE-0-2026-25934)

Vulnerability from cvelistv5 – Published: 2026-02-09 22:13 – Updated: 2026-02-11 21:23

Title

go-git improperly verifies data integrity values for .idx and .pack files

Summary

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-354 - Improper Validation of Integrity Check Value

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/go-git/go-git/security/advisor…	x_refsource_CONFIRM
https://github.com/go-git/go-git/releases/tag/v5.16.5	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
go-git	go-git	Affected: < 5.16.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:23:04.617787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:23:14.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-git",
          "vendor": "go-git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354: Improper Validation of Integrity Check Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T22:13:41.974Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3"
        },
        {
          "name": "https://github.com/go-git/go-git/releases/tag/v5.16.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-git/go-git/releases/tag/v5.16.5"
        }
      ],
      "source": {
        "advisory": "GHSA-37cx-329c-33x3",
        "discovery": "UNKNOWN"
      },
      "title": "go-git improperly verifies data integrity values for .idx and .pack files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25934",
    "datePublished": "2026-02-09T22:13:41.974Z",
    "dateReserved": "2026-02-09T16:22:17.786Z",
    "dateUpdated": "2026-02-11T21:23:14.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-26958 (GCVE-0-2026-26958)

Vulnerability from cvelistv5 – Published: 2026-02-19 23:01 – Updated: 2026-02-20 15:39

Title

filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity

Summary

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1.

Severity

1.7 (Low)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-665 - Improper Initialization

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/FiloSottile/edwards25519/secur…	x_refsource_CONFIRM
https://github.com/FiloSottile/edwards25519/commi…	x_refsource_MISC
https://github.com/FiloSottile/edwards25519/relea…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FiloSottile	filippo.io/edwards25519	Affected: < 1.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-26958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-20T15:27:08.887006Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-20T15:39:04.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "filippo.io/edwards25519",
          "vendor": "FiloSottile",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior if the receiver is not the identity point. If (*Point).MultiScalarMult is called on an initialized point that is not the identity point, it returns an incorrect result. If the method is called on an uninitialized point, the behavior is undefined. In particular, if the receiver is the zero value, MultiScalarMult returns an invalid point that compares Equal to every other point. Note that MultiScalarMult is a rarely used, advanced API. For example, users who depend on filippo.io/edwards25519 only through github.com/go-sql-driver/mysql are not affected. This issue has been fixed in version 1.1.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665: Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-19T23:01:26.923Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FiloSottile/edwards25519/security/advisories/GHSA-fw7p-63qq-7hpr"
        },
        {
          "name": "https://github.com/FiloSottile/edwards25519/commit/d1c650afb95fad0742b98d95f2eb2cf031393abb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FiloSottile/edwards25519/commit/d1c650afb95fad0742b98d95f2eb2cf031393abb"
        },
        {
          "name": "https://github.com/FiloSottile/edwards25519/releases/tag/v1.1.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FiloSottile/edwards25519/releases/tag/v1.1.1"
        }
      ],
      "source": {
        "advisory": "GHSA-fw7p-63qq-7hpr",
        "discovery": "UNKNOWN"
      },
      "title": "filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-26958",
    "datePublished": "2026-02-19T23:01:26.923Z",
    "dateReserved": "2026-02-16T22:20:28.611Z",
    "dateUpdated": "2026-02-20T15:39:04.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27136 (GCVE-0-2026-27136)

Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-05-22 16:59

Title

Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Summary

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

References

4 references

URL	Tags
https://go.dev/issue/79575
https://groups.google.com/g/golang-announce/c/iI-…
https://go.dev/cl/781685
https://pkg.go.dev/vuln/GO-2026-5030

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.55.0 (semver)

Credits

ensy

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-27136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-22T16:59:35.355098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-22T16:59:52.807Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parser.parse"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.55.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ensy"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-22T15:01:22.111Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/79575"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
        },
        {
          "url": "https://go.dev/cl/781685"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5030"
        }
      ],
      "title": "Invoking  duplicate attributes can cause XSS in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-27136",
    "datePublished": "2026-05-22T15:01:22.111Z",
    "dateReserved": "2026-02-17T19:57:28.434Z",
    "dateUpdated": "2026-05-22T16:59:52.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27145 (GCVE-0-2026-27145)

Vulnerability from cvelistv5 – Published: 2026-06-02 22:01 – Updated: 2026-06-04 12:34

Title

Inefficient candidate hostname parsing in crypto/x509

Summary

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, ".") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname's label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-407 - Inefficient Algorithmic Complexity

Assigner

References

4 references

URL	Tags
https://go.dev/cl/783621
https://go.dev/issue/79694
https://groups.google.com/g/golang-announce/c/tKs…
https://pkg.go.dev/vuln/GO-2026-5037

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/x509	Affected: 0 , < 1.25.11 (semver) Affected: 1.26.0-0 , < 1.26.4 (semver)

Credits

Jakub Ciolek - https://ciolek.dev/

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-27145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-04T12:34:03.859208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-04T12:34:53.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/x509",
          "product": "crypto/x509",
          "programRoutines": [
            {
              "name": "HostnameError.Error"
            },
            {
              "name": "matchHostnames"
            },
            {
              "name": "Certificate.Verify"
            },
            {
              "name": "Certificate.VerifyHostname"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.25.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.4",
              "status": "affected",
              "version": "1.26.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Ciolek - https://ciolek.dev/"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused strings.Split(host, \".\") to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number of SAN entries multiplied by the hostname\u0027s label count. Because x509.Verify validates hostnames before building the certificate chain, this overhead occurred even for untrusted certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-02T22:01:36.954Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/783621"
        },
        {
          "url": "https://go.dev/issue/79694"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-5037"
        }
      ],
      "title": "Inefficient candidate hostname parsing in crypto/x509"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-27145",
    "datePublished": "2026-06-02T22:01:36.954Z",
    "dateReserved": "2026-02-17T19:57:28.435Z",
    "dateUpdated": "2026-06-04T12:34:53.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33186 (GCVE-0-2026-33186)

Vulnerability from cvelistv5 – Published: 2026-03-20 22:23 – Updated: 2026-03-24 18:09

Title

gRPC-Go has an authorization bypass via missing leading slash in :path

Summary

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, "deny" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback "allow" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific "deny" rules for canonical paths but allows other requests by default (a fallback "allow" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-285 - Improper Authorization

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/grpc/grpc-go/security/advisori…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
grpc	grpc-go	Affected: < 1.79.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33186",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T18:08:38.989284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T18:09:13.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grpc-go",
          "vendor": "grpc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.79.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T22:23:32.147Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
        }
      ],
      "source": {
        "advisory": "GHSA-p77j-4mvh-x3m3",
        "discovery": "UNKNOWN"
      },
      "title": "gRPC-Go has an authorization bypass via missing leading slash in :path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33186",
    "datePublished": "2026-03-20T22:23:32.147Z",
    "dateReserved": "2026-03-17T22:16:36.720Z",
    "dateUpdated": "2026-03-24T18:09:13.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33811 (GCVE-0-2026-33811)

Vulnerability from cvelistv5 – Published: 2026-05-07 19:41 – Updated: 2026-05-08 14:25

Title

Crash when handling long CNAME response in net

Summary

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-415 - Double Free

Assigner

References

4 references

URL	Tags
https://go.dev/issue/78803
https://go.dev/cl/767860
https://groups.google.com/g/golang-announce/c/qcC…
https://pkg.go.dev/vuln/GO-2026-4981

Impacted products

1 product

Vendor	Product	Version
Go standard library	net	Affected: 0 , < 1.25.10 (semver) Affected: 1.26.0-0 , < 1.26.3 (semver)

Credits

hamayanhamayan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33811",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-08T14:25:39.702568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-08T14:25:43.896Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net",
          "product": "net",
          "programRoutines": [
            {
              "name": "cgoResSearch"
            },
            {
              "name": "LookupCNAME"
            },
            {
              "name": "Resolver.LookupCNAME"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.25.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.3",
              "status": "affected",
              "version": "1.26.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "hamayanhamayan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-415: Double Free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T19:41:19.285Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/78803"
        },
        {
          "url": "https://go.dev/cl/767860"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4981"
        }
      ],
      "title": "Crash when handling long CNAME response in net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2026-33811",
    "datePublished": "2026-05-07T19:41:19.285Z",
    "dateReserved": "2026-03-23T20:35:32.814Z",
    "dateUpdated": "2026-05-08T14:25:43.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from cleanstart

CVE-2025-15558 (GCVE-0-2025-15558)

CVE-2025-61729 (GCVE-0-2025-61729)

CVE-2026-25680 (GCVE-0-2026-25680)

CVE-2026-25681 (GCVE-0-2026-25681)

CVE-2026-25934 (GCVE-0-2026-25934)

CVE-2026-26958 (GCVE-0-2026-26958)

CVE-2026-27136 (GCVE-0-2026-27136)

CVE-2026-27145 (GCVE-0-2026-27145)

CVE-2026-33186 (GCVE-0-2026-33186)

CVE-2026-33811 (GCVE-0-2026-33811)

Tags

Sightings

Nomenclature