Vulnerability-Lookup

CVE-2026-46519 (GCVE-0-2026-46519)

Vulnerability from cvelistv5 – Published: 2026-06-11 18:34 – Updated: 2026-06-11 19:40

Title

mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement

Summary

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-863 - Incorrect Authorization

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/Flux159/mcp-server-kubernetes/…	x_refsource_CONFIRM
https://github.com/Flux159/mcp-server-kubernetes/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Flux159	mcp-server-kubernetes	Affected: < 3.6.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-46519",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T19:39:57.663035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-11T19:40:22.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mcp-server-kubernetes",
          "vendor": "Flux159",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T18:34:15.281Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m"
        },
        {
          "name": "https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0"
        }
      ],
      "source": {
        "advisory": "GHSA-cr22-wjx7-2w6m",
        "discovery": "UNKNOWN"
      },
      "title": "mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-46519",
    "datePublished": "2026-06-11T18:34:15.281Z",
    "dateReserved": "2026-05-14T19:12:32.755Z",
    "dateUpdated": "2026-06-11T19:40:22.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-46519",
      "date": "2026-06-17",
      "epss": "0.00376",
      "percentile": "0.29181"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-46519\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-11T19:16:42.213\",\"lastModified\":\"2026-06-11T21:01:26.377\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-46519\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-11T19:39:57.663035Z\"}}}], \"references\": [{\"url\": \"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T19:40:09.332Z\"}}], \"cna\": {\"title\": \"mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement\", \"source\": {\"advisory\": \"GHSA-cr22-wjx7-2w6m\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Flux159\", \"product\": \"mcp-server-kubernetes\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.6.0\"}]}], \"references\": [{\"url\": \"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m\", \"name\": \"https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0\", \"name\": \"https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-11T18:34:15.281Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-46519\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-11T19:40:22.771Z\", \"dateReserved\": \"2026-05-14T19:12:32.755Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-11T18:34:15.281Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-46519

Vulnerability from fkie_nvd - Published: 2026-06-11 19:16 - Updated: 2026-06-17 10:53

Severity

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0
	security-advisories@github.com	https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "mcp-server-kubernetes",
          "vendor": "Flux159",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.0"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0."
    }
  ],
  "id": "CVE-2026-46519",
  "lastModified": "2026-06-17T10:53:44.683",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-46519",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-11T19:39:57.663035Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-11T19:16:42.213",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-CR22-WJX7-2W6M

Vulnerability from github – Published: 2026-05-21 20:33 – Updated: 2026-06-12 19:26

Summary

MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement

Details

Summary

mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic.

Fixed in v3.6.0.

Impact

An attacker or misconfigured AI agent with network access to the MCP server's HTTP endpoint could invoke any Kubernetes tool regardless of the restriction mode configured by the operator -- including kubectl_delete, exec_in_pod, kubectl_generic, and node_management.

The project explicitly supports and documents multi-client HTTP deployment scenarios (Streamable HTTP and SSE transports, in-cluster deployments, Codex CLI and Gemini CLI integrations). In these deployments, operators relied on the tool restriction env vars to enforce least-privilege access across users or roles. The bypass invalidated that model entirely.

Severity scales with the Kubernetes service account's permissions. In environments where the MCP server runs with cluster-admin (common in dev/staging), this is equivalent to full cluster compromise for any client that can reach the endpoint.

The MCP_AUTH_TOKEN / X-MCP-AUTH mechanism controls who can reach the endpoint but provides no per-tool authorization. An authenticated client restricted to ALLOWED_TOOLS=kubectl_get could still invoke kubectl_delete after authentication.

Root Cause

In src/index.ts, the ListToolsRequestSchema handler applied the configured filtering logic before returning available tools. The CallToolRequestSchema handler dispatched directly by tool name with no equivalent check -- every tool was reachable unconditionally.

Proof of Concept

Tested across all three restriction modes against a live kind cluster. In each case, kubectl_delete was absent from tools/list but executed successfully via a direct tools/call request:

curl -s http://<HOST>:3003/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"kubectl_delete","arguments":{"resourceType":"pod","name":"test-pod","namespace":"default"}}}'

Result: {"result":{"content":[{"type":"text","text":"pod \"test-pod\" deleted\n"}]}}

Confirmed across ALLOW_ONLY_READONLY_TOOLS=true, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true, and ALLOWED_TOOLS=kubectl_get.

Remediation

The fix applies the same filtering logic from ListToolsRequestSchema at the start of the CallToolRequestSchema handler, returning an error for any tool call outside the active allowed set. Fixed in v3.6.0.

Credit

Discovered by Francisco Rosales of Manifold Security, coordinated by Ax Sharma, Head of Research at Manifold Security.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "mcp-server-kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-46519"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-21T20:33:46Z",
    "nvd_published_at": "2026-06-11T19:16:42Z",
    "severity": "HIGH"
  },
  "details": "## Summary\n\n`mcp-server-kubernetes` exposes three environment variables (`ALLOW_ONLY_READONLY_TOOLS`, `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`, `ALLOWED_TOOLS`) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (`tools/list`) but not at the execution layer (`tools/call`). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic.\n\nFixed in v3.6.0.\n\n## Impact\n\nAn attacker or misconfigured AI agent with network access to the MCP server\u0027s HTTP endpoint could invoke any Kubernetes tool regardless of the restriction mode configured by the operator -- including `kubectl_delete`, `exec_in_pod`, `kubectl_generic`, and `node_management`.\n\nThe project explicitly supports and documents multi-client HTTP deployment scenarios (Streamable HTTP and SSE transports, in-cluster deployments, Codex CLI and Gemini CLI integrations). In these deployments, operators relied on the tool restriction env vars to enforce least-privilege access across users or roles. The bypass invalidated that model entirely.\n\nSeverity scales with the Kubernetes service account\u0027s permissions. In environments where the MCP server runs with `cluster-admin` (common in dev/staging), this is equivalent to full cluster compromise for any client that can reach the endpoint.\n\nThe `MCP_AUTH_TOKEN` / `X-MCP-AUTH` mechanism controls who can reach the endpoint but provides no per-tool authorization. An authenticated client restricted to `ALLOWED_TOOLS=kubectl_get` could still invoke `kubectl_delete` after authentication.\n\n## Root Cause\n\nIn `src/index.ts`, the `ListToolsRequestSchema` handler applied the configured filtering logic before returning available tools. The `CallToolRequestSchema` handler dispatched directly by tool name with no equivalent check -- every tool was reachable unconditionally.\n\n## Proof of Concept\n\nTested across all three restriction modes against a live kind cluster. In each case, `kubectl_delete` was absent from `tools/list` but executed successfully via a direct `tools/call` request:\n\n```shell\ncurl -s http://\u003cHOST\u003e:3003/mcp \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -H \u0027Accept: application/json, text/event-stream\u0027 \\\n  -d \u0027{\"jsonrpc\":\"2.0\",\"id\":2,\"method\":\"tools/call\",\"params\":{\"name\":\"kubectl_delete\",\"arguments\":{\"resourceType\":\"pod\",\"name\":\"test-pod\",\"namespace\":\"default\"}}}\u0027\n```\n\nResult: `{\"result\":{\"content\":[{\"type\":\"text\",\"text\":\"pod \\\"test-pod\\\" deleted\\n\"}]}}`\n\nConfirmed across `ALLOW_ONLY_READONLY_TOOLS=true`, `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true`, and `ALLOWED_TOOLS=kubectl_get`.\n\n## Remediation\n\nThe fix applies the same filtering logic from `ListToolsRequestSchema` at the start of the `CallToolRequestSchema` handler, returning an error for any tool call outside the active allowed set. Fixed in v3.6.0.\n\n## Credit\n\nDiscovered by [Francisco Rosales](https://www.linkedin.com/in/francisco-rosales-celis/) of [Manifold Security](https://manifold.security), coordinated by [Ax Sharma](https://www.linkedin.com/in/axsharma/), Head of Research at Manifold Security.",
  "id": "GHSA-cr22-wjx7-2w6m",
  "modified": "2026-06-12T19:26:31Z",
  "published": "2026-05-21T20:33:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Flux159/mcp-server-kubernetes/security/advisories/GHSA-cr22-wjx7-2w6m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46519"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Flux159/mcp-server-kubernetes"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Flux159/mcp-server-kubernetes/releases/tag/v3.6.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filtering Without Execution-Layer Enforcement"
}

OPENSUSE-SU-2026:10914-1

Vulnerability from csaf_opensuse - Published: 2026-05-31 00:00 - Updated: 2026-05-31 00:00

Summary

atril-1.28.4-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: atril-1.28.4-1.1 on GA media

Description of the patch: These are all security issues fixed in the atril-1.28.4-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10914

CVE-2026-46519

Affected products

Recommended 44 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:atril-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-backends-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-backends-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-backends-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-backends-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-devel-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-devel-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-devel-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-devel-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-doc-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-doc-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-doc-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-doc-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-lang-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-lang-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-lang-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-lang-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

4 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2026-46519/	self
https://www.suse.com/security/cve/CVE-2026-46519	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "atril-1.28.4-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the atril-1.28.4-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10914",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10914-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-46519 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-46519/"
      }
    ],
    "title": "atril-1.28.4-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-05-31T00:00:00Z",
      "generator": {
        "date": "2026-05-31T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10914-1",
      "initial_release_date": "2026-05-31T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-05-31T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atril-1.28.4-1.1.aarch64",
                "product": {
                  "name": "atril-1.28.4-1.1.aarch64",
                  "product_id": "atril-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-backends-1.28.4-1.1.aarch64",
                "product": {
                  "name": "atril-backends-1.28.4-1.1.aarch64",
                  "product_id": "atril-backends-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-devel-1.28.4-1.1.aarch64",
                "product": {
                  "name": "atril-devel-1.28.4-1.1.aarch64",
                  "product_id": "atril-devel-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-doc-1.28.4-1.1.aarch64",
                "product": {
                  "name": "atril-doc-1.28.4-1.1.aarch64",
                  "product_id": "atril-doc-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-lang-1.28.4-1.1.aarch64",
                "product": {
                  "name": "atril-lang-1.28.4-1.1.aarch64",
                  "product_id": "atril-lang-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-thumbnailer-1.28.4-1.1.aarch64",
                "product": {
                  "name": "atril-thumbnailer-1.28.4-1.1.aarch64",
                  "product_id": "atril-thumbnailer-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "caja-extension-atril-1.28.4-1.1.aarch64",
                "product": {
                  "name": "caja-extension-atril-1.28.4-1.1.aarch64",
                  "product_id": "caja-extension-atril-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libatrildocument3-1.28.4-1.1.aarch64",
                "product": {
                  "name": "libatrildocument3-1.28.4-1.1.aarch64",
                  "product_id": "libatrildocument3-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libatrilview3-1.28.4-1.1.aarch64",
                "product": {
                  "name": "libatrilview3-1.28.4-1.1.aarch64",
                  "product_id": "libatrilview3-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64",
                "product": {
                  "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64",
                  "product_id": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64",
                "product": {
                  "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64",
                  "product_id": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atril-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "atril-1.28.4-1.1.ppc64le",
                  "product_id": "atril-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "atril-backends-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "atril-backends-1.28.4-1.1.ppc64le",
                  "product_id": "atril-backends-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "atril-devel-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "atril-devel-1.28.4-1.1.ppc64le",
                  "product_id": "atril-devel-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "atril-doc-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "atril-doc-1.28.4-1.1.ppc64le",
                  "product_id": "atril-doc-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "atril-lang-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "atril-lang-1.28.4-1.1.ppc64le",
                  "product_id": "atril-lang-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "atril-thumbnailer-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "atril-thumbnailer-1.28.4-1.1.ppc64le",
                  "product_id": "atril-thumbnailer-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "caja-extension-atril-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "caja-extension-atril-1.28.4-1.1.ppc64le",
                  "product_id": "caja-extension-atril-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libatrildocument3-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "libatrildocument3-1.28.4-1.1.ppc64le",
                  "product_id": "libatrildocument3-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libatrilview3-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "libatrilview3-1.28.4-1.1.ppc64le",
                  "product_id": "libatrilview3-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le",
                  "product_id": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le",
                "product": {
                  "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le",
                  "product_id": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atril-1.28.4-1.1.s390x",
                "product": {
                  "name": "atril-1.28.4-1.1.s390x",
                  "product_id": "atril-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "atril-backends-1.28.4-1.1.s390x",
                "product": {
                  "name": "atril-backends-1.28.4-1.1.s390x",
                  "product_id": "atril-backends-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "atril-devel-1.28.4-1.1.s390x",
                "product": {
                  "name": "atril-devel-1.28.4-1.1.s390x",
                  "product_id": "atril-devel-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "atril-doc-1.28.4-1.1.s390x",
                "product": {
                  "name": "atril-doc-1.28.4-1.1.s390x",
                  "product_id": "atril-doc-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "atril-lang-1.28.4-1.1.s390x",
                "product": {
                  "name": "atril-lang-1.28.4-1.1.s390x",
                  "product_id": "atril-lang-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "atril-thumbnailer-1.28.4-1.1.s390x",
                "product": {
                  "name": "atril-thumbnailer-1.28.4-1.1.s390x",
                  "product_id": "atril-thumbnailer-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "caja-extension-atril-1.28.4-1.1.s390x",
                "product": {
                  "name": "caja-extension-atril-1.28.4-1.1.s390x",
                  "product_id": "caja-extension-atril-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libatrildocument3-1.28.4-1.1.s390x",
                "product": {
                  "name": "libatrildocument3-1.28.4-1.1.s390x",
                  "product_id": "libatrildocument3-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libatrilview3-1.28.4-1.1.s390x",
                "product": {
                  "name": "libatrilview3-1.28.4-1.1.s390x",
                  "product_id": "libatrilview3-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x",
                "product": {
                  "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x",
                  "product_id": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x",
                "product": {
                  "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x",
                  "product_id": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atril-1.28.4-1.1.x86_64",
                "product": {
                  "name": "atril-1.28.4-1.1.x86_64",
                  "product_id": "atril-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-backends-1.28.4-1.1.x86_64",
                "product": {
                  "name": "atril-backends-1.28.4-1.1.x86_64",
                  "product_id": "atril-backends-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-devel-1.28.4-1.1.x86_64",
                "product": {
                  "name": "atril-devel-1.28.4-1.1.x86_64",
                  "product_id": "atril-devel-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-doc-1.28.4-1.1.x86_64",
                "product": {
                  "name": "atril-doc-1.28.4-1.1.x86_64",
                  "product_id": "atril-doc-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-lang-1.28.4-1.1.x86_64",
                "product": {
                  "name": "atril-lang-1.28.4-1.1.x86_64",
                  "product_id": "atril-lang-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "atril-thumbnailer-1.28.4-1.1.x86_64",
                "product": {
                  "name": "atril-thumbnailer-1.28.4-1.1.x86_64",
                  "product_id": "atril-thumbnailer-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "caja-extension-atril-1.28.4-1.1.x86_64",
                "product": {
                  "name": "caja-extension-atril-1.28.4-1.1.x86_64",
                  "product_id": "caja-extension-atril-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libatrildocument3-1.28.4-1.1.x86_64",
                "product": {
                  "name": "libatrildocument3-1.28.4-1.1.x86_64",
                  "product_id": "libatrildocument3-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libatrilview3-1.28.4-1.1.x86_64",
                "product": {
                  "name": "libatrilview3-1.28.4-1.1.x86_64",
                  "product_id": "libatrilview3-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64",
                "product": {
                  "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64",
                  "product_id": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64",
                "product": {
                  "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64",
                  "product_id": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-1.28.4-1.1.aarch64"
        },
        "product_reference": "atril-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-1.28.4-1.1.ppc64le"
        },
        "product_reference": "atril-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-1.28.4-1.1.s390x"
        },
        "product_reference": "atril-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-1.28.4-1.1.x86_64"
        },
        "product_reference": "atril-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-backends-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.aarch64"
        },
        "product_reference": "atril-backends-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-backends-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.ppc64le"
        },
        "product_reference": "atril-backends-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-backends-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.s390x"
        },
        "product_reference": "atril-backends-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-backends-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.x86_64"
        },
        "product_reference": "atril-backends-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-devel-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.aarch64"
        },
        "product_reference": "atril-devel-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-devel-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.ppc64le"
        },
        "product_reference": "atril-devel-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-devel-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.s390x"
        },
        "product_reference": "atril-devel-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-devel-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.x86_64"
        },
        "product_reference": "atril-devel-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-doc-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.aarch64"
        },
        "product_reference": "atril-doc-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-doc-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.ppc64le"
        },
        "product_reference": "atril-doc-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-doc-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.s390x"
        },
        "product_reference": "atril-doc-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-doc-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.x86_64"
        },
        "product_reference": "atril-doc-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-lang-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.aarch64"
        },
        "product_reference": "atril-lang-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-lang-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.ppc64le"
        },
        "product_reference": "atril-lang-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-lang-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.s390x"
        },
        "product_reference": "atril-lang-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-lang-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.x86_64"
        },
        "product_reference": "atril-lang-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-thumbnailer-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.aarch64"
        },
        "product_reference": "atril-thumbnailer-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-thumbnailer-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.ppc64le"
        },
        "product_reference": "atril-thumbnailer-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-thumbnailer-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.s390x"
        },
        "product_reference": "atril-thumbnailer-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atril-thumbnailer-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.x86_64"
        },
        "product_reference": "atril-thumbnailer-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "caja-extension-atril-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.aarch64"
        },
        "product_reference": "caja-extension-atril-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "caja-extension-atril-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.ppc64le"
        },
        "product_reference": "caja-extension-atril-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "caja-extension-atril-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.s390x"
        },
        "product_reference": "caja-extension-atril-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "caja-extension-atril-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.x86_64"
        },
        "product_reference": "caja-extension-atril-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrildocument3-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.aarch64"
        },
        "product_reference": "libatrildocument3-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrildocument3-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.ppc64le"
        },
        "product_reference": "libatrildocument3-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrildocument3-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.s390x"
        },
        "product_reference": "libatrildocument3-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrildocument3-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.x86_64"
        },
        "product_reference": "libatrildocument3-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrilview3-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.aarch64"
        },
        "product_reference": "libatrilview3-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrilview3-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.ppc64le"
        },
        "product_reference": "libatrilview3-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrilview3-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.s390x"
        },
        "product_reference": "libatrilview3-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libatrilview3-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.x86_64"
        },
        "product_reference": "libatrilview3-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64"
        },
        "product_reference": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le"
        },
        "product_reference": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x"
        },
        "product_reference": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64"
        },
        "product_reference": "typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64"
        },
        "product_reference": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le"
        },
        "product_reference": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x"
        },
        "product_reference": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64"
        },
        "product_reference": "typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-46519",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-46519"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "unknown",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:atril-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:atril-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:atril-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:atril-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x",
          "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-46519",
          "url": "https://www.suse.com/security/cve/CVE-2026-46519"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:atril-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:atril-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:atril-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:atril-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:atril-backends-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:atril-devel-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:atril-doc-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:atril-lang-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:atril-thumbnailer-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:caja-extension-atril-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:libatrildocument3-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:libatrilview3-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-AtrilDocument-1_5_0-1.28.4-1.1.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.s390x",
            "openSUSE Tumbleweed:typelib-1_0-AtrilView-1_5_0-1.28.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-05-31T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-46519"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-46519 (GCVE-0-2026-46519)

FKIE_CVE-2026-46519

GHSA-CR22-WJX7-2W6M

Summary

Impact

Root Cause

Proof of Concept

Remediation

Credit

OPENSUSE-SU-2026:10914-1

Tags

Sightings

Nomenclature