Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

CVE-2026-41054 (GCVE-0-2026-41054)

Vulnerability from cvelistv5 – Published: 2026-05-20 08:56 – Updated: 2026-06-05 11:06
VLAI
Title
Missing exit out of permission check in haveged could lead to root exploit
Summary
In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
SUSE Container suse/sle-micro-rancher/5.3:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Container suse/sle-micro-rancher/5.4:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Container suse/sle-micro/5.5:latest Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-Hardened Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-Hardened-BYOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-Hardened-BYOS-Azure Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-Hardened-BYOS-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE Image SLES15-SP4-SAP-Hardened-GCE Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Desktop 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise High Performance Computing 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Micro 5.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Micro 5.4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Micro 5.5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 15 SP4-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 15 SP5-LTSS Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server 15 SP6-LTSS Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP4 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP5 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Linux Enterprise Server for SAP Applications 15 SP6 Affected: ? , < 1.9.14-150600.11.6.1 (custom)
Create a notification for this product.
SUSE SUSE Manager Proxy LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Manager Retail Branch Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
SUSE SUSE Manager Server LTS 4.3 Affected: ? , < 1.9.14-150400.3.11.1 (custom)
Create a notification for this product.
Credits
Dirk Mueller of SUSE
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-05T11:06:34.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/19/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/20/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/21/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/22/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41054",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:33.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Container suse/sle-micro-rancher/5.3:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Container suse/sle-micro-rancher/5.3:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Container suse/sle-micro-rancher/5.4:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Container suse/sle-micro-rancher/5.4:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Container suse/sle-micro/5.5:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Container suse/sle-micro/5.5:latest",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-Azure",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-EC2",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-BYOS-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "Image SLES15-SP4-SAP-Hardened-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "Image SLES15-SP4-SAP-Hardened-GCE",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Desktop 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Desktop 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Desktop 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Micro 5.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Micro 5.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Micro 5.4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Micro 5.4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Micro 5.5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Micro 5.5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP4-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP5-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server 15 SP6-LTSS",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150600.11.6.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Manager Proxy LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Manager Proxy LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Manager Proxy LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Manager Retail Branch Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Manager Retail Branch Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Manager Retail Branch Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged",
          "product": "SUSE Manager Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "haveged-devel",
          "product": "SUSE Manager Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "packageName": "libhavege2",
          "product": "SUSE Manager Server LTS 4.3",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "1.9.14-150400.3.11.1",
              "status": "affected",
              "version": "?",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dirk Mueller of SUSE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cpre\u003eIn `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`.\u003c/pre\u003e\u003c/div\u003e"
            }
          ],
          "value": "In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it **fails to stop execution**. The code proceeds to the `switch` statement, allowing any local unprivileged user to execute privileged commands such as `MAGIC_CHROOT`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T08:56:14.466Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-41054"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Missing exit out of permission check in haveged could lead to root exploit",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41054",
    "datePublished": "2026-05-20T08:56:14.466Z",
    "dateReserved": "2026-04-16T13:37:50.680Z",
    "dateUpdated": "2026-06-05T11:06:34.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41052 (GCVE-0-2026-41052)

Vulnerability from cvelistv5 – Published: 2026-06-29 15:41 – Updated: 2026-06-30 03:55
VLAI
Title
Rancher Privilege Escalation from Project Owner to Host
Summary
Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication bypass by primary weakness
Assigner
References
Impacted products
Vendor Product Version
SUSE Rancher Affected: 2.12.0 , < 2.12.10 (semver)
Affected: 2.13.0 , < 2.13.6 (semver)
Affected: 2.14.0 , < 2.14.2 (semver)
Create a notification for this product.
Date Public
2026-05-28 11:14
Credits
Radtke Benedikt <Radtke@iabg.de> - github.com/Trolldemorted and Munier Marc <Munier@iabg.de> - github.com/mmunier
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41052",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:55:34.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Rancher",
          "product": "Rancher",
          "repo": "https://github.com/rancher/rancher/",
          "vendor": "SUSE",
          "versions": [
            {
              "lessThan": "2.12.10",
              "status": "affected",
              "version": "2.12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.13.6",
              "status": "affected",
              "version": "2.13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "2.14.2",
              "status": "affected",
              "version": "2.14.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Radtke Benedikt \u003cRadtke@iabg.de\u003e - github.com/Trolldemorted and Munier Marc \u003cMunier@iabg.de\u003e - github.com/mmunier"
        }
      ],
      "datePublic": "2026-05-28T11:14:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper privilege handling could be used by users with\u0026nbsp;Project Owner role to escalate privileges, in Rancher versions\u0026nbsp;2.14 before 2.14.2,\u0026nbsp;2.13 before 2.13.6, and\u0026nbsp;2.12 before 2.12.10."
            }
          ],
          "value": "Improper privilege handling could be used by users with\u00a0Project Owner role to escalate privileges, in Rancher versions\u00a02.14 before 2.14.2,\u00a02.13 before 2.13.6, and\u00a02.12 before 2.12.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication bypass by primary weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T15:41:56.394Z",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/rancher/rancher/security/advisories/GHSA-vx8h-4prv-g744"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Rancher Privilege Escalation from Project Owner to Host",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2026-41052",
    "datePublished": "2026-06-29T15:41:56.394Z",
    "dateReserved": "2026-04-16T13:37:50.680Z",
    "dateUpdated": "2026-06-30T03:55:34.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40582 (GCVE-0-2026-40582)

Vulnerability from cvelistv5 – Published: 2026-04-17 23:16 – Updated: 2026-04-20 14:56
VLAI
Title
ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout
Summary
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication checks. An attacker with knowledge of a user's password can obtain API access even when the account is locked or has 2FA enabled, granting direct access to all protected API endpoints with that user's privileges. This issue has been fixed in version 7.2.0. Note: this issue had a duplicate, GHSA-472m-p3gf-46xp, which has been closed.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Vendor Product Version
ChurchCRM CRM Affected: < 7.2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40582",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-20T14:45:32.404557Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T14:56:36.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CRM",
          "vendor": "ChurchCRM",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user\u0027s API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication checks. An attacker with knowledge of a user\u0027s password can obtain API access even when the account is locked or has 2FA enabled, granting direct access to all protected API endpoints with that user\u0027s privileges. This issue has been fixed in version 7.2.0. Note: this issue had a duplicate, GHSA-472m-p3gf-46xp, which has been closed."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-17T23:16:13.862Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-8cwr-x83m-mh9x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-8cwr-x83m-mh9x"
        },
        {
          "name": "https://github.com/ChurchCRM/CRM/pull/8607",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ChurchCRM/CRM/pull/8607"
        },
        {
          "name": "https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ChurchCRM/CRM/commit/214694eb83778e1f5e52b3dfa2a99d0e965c1850"
        }
      ],
      "source": {
        "advisory": "GHSA-8cwr-x83m-mh9x",
        "discovery": "UNKNOWN"
      },
      "title": "ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40582",
    "datePublished": "2026-04-17T23:16:13.862Z",
    "dateReserved": "2026-04-14T13:24:29.475Z",
    "dateUpdated": "2026-04-20T14:56:36.921Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40039 (GCVE-0-2026-40039)

Vulnerability from cvelistv5 – Published: 2026-04-13 18:10 – Updated: 2026-05-12 01:02
VLAI
Title
Pachno 1.0.6 Open Redirection via return_to Parameter
Summary
Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
Pachno Pachno Affected: 1.0.6
Create a notification for this product.
Date Public
2026-04-12 00:00
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T13:19:53.368830Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T13:26:41.264Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Pachno",
          "vendor": "Pachno",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.6"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:pachno:pachno:1.0.6:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
        }
      ],
      "datePublic": "2026-04-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T01:02:25.047Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "Zero Science Lab Disclosure",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5981.php"
        },
        {
          "name": "VulnCheck Advisory: Pachno 1.0.6 Open Redirection via return_to Parameter",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/pachno-open-redirection-via-return-to-parameter"
        }
      ],
      "title": "Pachno 1.0.6 Open Redirection via return_to Parameter",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2026-40039",
    "datePublished": "2026-04-13T18:10:55.592Z",
    "dateReserved": "2026-04-08T13:39:22.100Z",
    "dateUpdated": "2026-05-12T01:02:25.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35159 (GCVE-0-2026-35159)

Vulnerability from cvelistv5 – Published: 2026-07-03 08:08 – Updated: 2026-07-07 02:13
VLAI
Summary
Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
Dell Inspiron 15 3520 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell G15 5530 Affected: 0 , < 1.33.0 or later (semver)
Create a notification for this product.
Dell Alienware 16 Area-51 AA16250 Affected: 0 , < 2.4.1 or later (semver)
Create a notification for this product.
Dell Alienware 16 Aurora AC16250 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell Alienware 16X Aurora AC16251 Affected: 0 , < 2.4.0 or later (semver)
Create a notification for this product.
Dell Alienware 18 Area-51 AA18250 Affected: 0 , < 2.4.1 or later (semver)
Create a notification for this product.
Dell Alienware Area-51 AAT2250 Affected: 0 , < 1.17.2 or later (semver)
Create a notification for this product.
Dell Alienware Aurora ACT1250 Affected: 0 , < 1.16.2 or later (semver)
Create a notification for this product.
Dell Alienware m15 R6 Affected: 0 , < 1.44.0 or later (semver)
Create a notification for this product.
Dell Alienware m15 R7 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell Alienware m16 R1 Affected: 0 , < 1.34.0 or later (semver)
Create a notification for this product.
Dell Alienware m16 R2 Affected: 0 , < 1.21.0 or later (semver)
Create a notification for this product.
Dell Alienware m18 R1 Affected: 0 , < 1.34.0 or later (semver)
Create a notification for this product.
Dell Alienware M18 R2 Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell Alienware x14 R2 Affected: 0 , < 1.32.0 or later (semver)
Create a notification for this product.
Dell Alienware x16 R1 Affected: 0 , < 1.32.0 or later (semver)
Create a notification for this product.
Dell Alienware X16 R2 Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell ChengMing 3900 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell ChengMing 3910/3911 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Dell 14 DC14250 Affected: 0 , < 1.7.0 or later (semver)
Create a notification for this product.
Dell 14 Plus 2-in-1 DB04250 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell 14 Plus DB14250 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell 15 DC15250 Affected: 0 , < 1.10.0 or later (semver)
Create a notification for this product.
Dell 16 Plus 2-in-1 DB06250 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell 16 Plus DB16250 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell 24 All-in-One EC24250 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell 27 All-in-One EC27250 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell G15 5510 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell G15 5511 Affected: 0 , < 1.43.0 or later (semver)
Create a notification for this product.
Dell G15 5520 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell G16 7620 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell G16 7630 Affected: 0 , < 1.33.0 or later (semver)
Create a notification for this product.
Dell Pro 13 Plus PB13250 Affected: 0 , < 2.13.4 or later (semver)
Create a notification for this product.
Dell Pro 13 Plus PB13255 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Pro 13 Premium PA13250 Affected: 0 , < 2.13.4 or later (semver)
Create a notification for this product.
Dell Pro 14 Essential PV14250 Affected: 0 , < 1.6.0 or later (semver)
Create a notification for this product.
Dell Pro 14 PC14250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro 14 Plus PB14250 Affected: 0 , < 2.13.4 or later (semver)
Create a notification for this product.
Dell Pro 14 Plus PB14255 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Pro 14 Premium PA14250 Affected: 0 , < 2.13.4 or later (semver)
Create a notification for this product.
Dell Pro 16 PC16250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro 16 Plus PB16250 Affected: 0 , < 2.13.4 or later (semver)
Create a notification for this product.
Dell Pro 16 Plus PB16255 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Pro 24 All-In-One Plus QB24250 / Pro 24 All-In-One QC24250 / Pro 24 All-In-One QC24251 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Laptop PC14250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro Laptop PC16250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro Max 14 MC14250 Affected: 0 , < 1.14.1 or later (semver)
Create a notification for this product.
Dell Pro Max 14 MC14255 Affected: 0 , < 2.4.0 or later (semver)
Create a notification for this product.
Dell Pro Max 16 MC16250 Affected: 0 , < 1.14.1 or later (semver)
Create a notification for this product.
Dell Pro Max 16 MC16255 Affected: 0 , < 2.4.0 or later (semver)
Create a notification for this product.
Dell Pro Max Micro FCM2250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro Max Slim FCS1250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro Max Tower T2 FCT2250 Affected: 0 , < 1.15.2 or later (semver)
Create a notification for this product.
Dell Pro Micro / QCM1255 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell Pro Micro Plus QBM1250 / Pro Micro QCM1250 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Micro/Micro Plus QCM1250/QBM1250 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Precision 7 T1 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Rugged 10 Tablets Affected: 0 , < 1.9.0 or later (semver)
Create a notification for this product.
Dell Pro Rugged 12 Tablet Affected: 0 , < 1.9.0 or later (semver)
Create a notification for this product.
Dell Pro Rugged 13 RA13250 Affected: 0 , < 1.16.1 or later (semver)
Create a notification for this product.
Dell Pro Rugged 14 RB14250 Affected: 0 , < 1.16.1 or later (semver)
Create a notification for this product.
Dell Pro Slim / QCS1255 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell Pro Slim Essential QVS1260 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Pro Slim Plus QBS1250 / Pro Slim QCS1250 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Slim Plus QBS1250/Pro Slim QCS1250 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Tower / QCT1255 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell Pro Tower Essential QVT1260 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Pro Tower Plus QBT1250 / Pro Tower QCT1250 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Pro Tower Plus QBT1250/Pro Tower QCT1250 Affected: 0 , < 1.15.1 or later (semver)
Create a notification for this product.
Dell Slim ECS1250 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Tower ECT1250 Affected: 0 , < 1.15.0 or later (semver)
Create a notification for this product.
Dell Inspiron 13 5330 Affected: 0 , < 1.31.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 5420 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 5430 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 5440 Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 7430 2-in-1 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 7440 2-in-1 Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 Plus 7420 Affected: 0 , < 1.37.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 Plus 7430 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 14 Plus 7440 Affected: 0 , < 1.25.0 or later (semver)
Create a notification for this product.
Dell Inspiron 15 3511 Affected: 0 , < 1.46.0 or later (semver)
Create a notification for this product.
Dell Inspiron 15 3530 Affected: 0 , < 1.32.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 5620 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 5630 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 5640 Affected: 0 , < 1.21.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 7630 2-in-1 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 7640 2-in-1 Affected: 0 , < 1.21.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 Plus 7620 Affected: 0 , < 1.37.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 Plus 7630 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 16 Plus 7640 Affected: 0 , < 1.25.0 or later (semver)
Create a notification for this product.
Dell Inspiron 24 5420 All-in-One Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 24 5430 All-in-One Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell Inspiron 27 7720 All-in-One Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Inspiron 27 7730 All-in-One Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell Inspiron 3020 Desktop Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Inspiron 3020 S Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Inspiron 3030 Affected: 0 , < 1.26.0 or later (semver)
Create a notification for this product.
Dell Inspiron 3030S Affected: 0 , < 1.26.0 or later (semver)
Create a notification for this product.
Dell Inspiron 5410 All-in-One Affected: 0 , < 1.38.0 or later (semver)
Create a notification for this product.
Dell Inspiron 7710 All-in-One Affected: 0 , < 1.38.0 or later (semver)
Create a notification for this product.
Dell Latitude 3320 Affected: 0 , < 1.44.0 or later (semver)
Create a notification for this product.
Dell Latitude 3340 Affected: 0 , < 1.31.0 or later (semver)
Create a notification for this product.
Dell Latitude 5320 Affected: 0 , < 1.51.0 or later (semver)
Create a notification for this product.
Dell Latitude 5330 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Latitude 5340 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Latitude 5350 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Latitude 5421 Affected: 0 , < 1.46.0 or later (semver)
Create a notification for this product.
Dell Latitude 5430 Affected: 0 , < 1.39.1 or later (semver)
Create a notification for this product.
Dell Latitude 5430 Rugged Laptop Affected: 0 , < 1.43.0 or later (semver)
Create a notification for this product.
Dell Latitude 5431 Affected: 0 , < 1.39.0 or later (semver)
Create a notification for this product.
Dell Latitude 5440 Affected: 0 , < 1.31.1 or later (semver)
Create a notification for this product.
Dell Latitude 5450 Affected: 0 , < 1.23.1 or later (semver)
Create a notification for this product.
Dell Latitude 5520 Affected: 0 , < 1.51.0 or later (semver)
Create a notification for this product.
Dell Latitude 5521 Affected: 0 , < 1.43.0 or later (semver)
Create a notification for this product.
Dell Latitude 5530 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Latitude 5531 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Latitude 5540 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Latitude 5550 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Latitude 7030 Rugged Extreme Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Latitude 7230 Rugged Extreme Affected: 0 , < 1.32.0 or later (semver)
Create a notification for this product.
Dell Latitude 7320 Affected: 0 , < 1.50.1 or later (semver)
Create a notification for this product.
Dell Latitude 7320 Detachable Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell Latitude 7330 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell Latitude 7330 Rugged Laptop Affected: 0 , < 1.43.0 or later (semver)
Create a notification for this product.
Dell Latitude 7340 Affected: 0 , < 1.30.0 or later (semver)
Create a notification for this product.
Dell Latitude 7350 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Latitude 7420 Affected: 0 , < 1.50.1 or later (semver)
Create a notification for this product.
Dell Latitude 7430 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell Latitude 7440 Affected: 0 , < 1.31.1 or later (semver)
Create a notification for this product.
Dell Latitude 7450 Affected: 0 , < 1.23.1 or later (semver)
Create a notification for this product.
Dell Latitude 7520 Affected: 0 , < 1.50.1 or later (semver)
Create a notification for this product.
Dell Latitude 7530 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell Latitude 7640 Affected: 0 , < 1.31.1 or later (semver)
Create a notification for this product.
Dell Latitude 7650 Affected: 0 , < 1.23.1 or later (semver)
Create a notification for this product.
Dell Latitude 9330 Affected: 0 , < 1.37.0 or later (semver)
Create a notification for this product.
Dell Latitude 9420 Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell Latitude 9430 Affected: 0 , < 1.40.1 or later (semver)
Create a notification for this product.
Dell Latitude 9440 2-in-1 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Latitude 9450 Affected: 0 , < 1.21.1 or later (semver)
Create a notification for this product.
Dell Latitude 9520 Affected: 0 , < 1.47.1 or later (semver)
Create a notification for this product.
Dell OptiPlex 3000 Micro / OptiPlex 3000 Small Form Factor / OptiPlex 3000 Tower Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 3000 Thin Client Affected: 0 , < 1.34.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 3090 Ultra Affected: 0 , < 1.42.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 5000 Micro / OptiPlex 5000 Small Form Factor / OptiPlex 5000 Tower Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 5090 Micro / OptiPlex 5090 Small Form Factor / OptiPlex 5090 Tower Affected: 0 , < 1.42.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 5400 All-In-One Affected: 0 , < 1.1.59 or later (semver)
Create a notification for this product.
Dell OptiPlex 5490 AIO Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 7000 Micro / OptiPlex 7000 Small Form Factor / OptiPlex 7000 Tower / OptiPlex 7000 XE Micro Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 7000 OEM MT+ Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 7090 Tower Affected: 0 , < 1.42.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 7090 Ultra Affected: 0 , < 1.42.0 or later (semver)
Create a notification for this product.
Dell OptiPlex 7400 All-In-One Affected: 0 , < 1.1.59 or later (semver)
Create a notification for this product.
Dell OptiPlex 7490 AIO Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell OptiPlex AIO 7420 Affected: 0 , < 1.26.1 or later (semver)
Create a notification for this product.
Dell OptiPlex All-in-One 7410 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell OptiPlex Micro 7010 / OptiPlex Micro Plus 7010 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell OptiPlex Micro 7020 Affected: 0 , < 1.26.1 or later (semver)
Create a notification for this product.
Dell OptiPlex SFF 7020 Affected: 0 , < 1.26.1 or later (semver)
Create a notification for this product.
Dell OptiPlex Small Form Factor 7010 / OptiPlex Small Form Factor Plus 7010 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell OptiPlex Tower 7010 / OptiPlex Tower Plus 7010 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell OptiPlex Tower 7020 Affected: 0 , < 1.26.1 or later (semver)
Create a notification for this product.
Dell OptiPlex XE4 SFF Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell PC14255 Affected: 0 , < 1.14.1 or later (semver)
Create a notification for this product.
Dell PC16255 Affected: 0 , < 1.14.1 or later (semver)
Create a notification for this product.
Dell Precision 3260 XE Compact / Precision 3260 Compact Affected: 0 , < 3.26.0 or later (semver)
Create a notification for this product.
Dell Precision 3280 CFF Affected: 0 , < 1.24.1 or later (semver)
Create a notification for this product.
Dell Precision 3450 Affected: 0 , < 1.42.0 or later (semver)
Create a notification for this product.
Dell Precision 3460 XE Small Form Factor / Precision 3460 Small Form Factor Affected: 0 , < 3.26.0 or later (semver)
Create a notification for this product.
Dell Precision 3470 Affected: 0 , < 1.39.0 or later (semver)
Create a notification for this product.
Dell Precision 3480 Affected: 0 , < 1.31.1 or later (semver)
Create a notification for this product.
Dell Precision 3490 Affected: 0 , < 1.23.1 or later (semver)
Create a notification for this product.
Dell Precision 3560 Affected: 0 , < 1.51.0 or later (semver)
Create a notification for this product.
Dell Precision 3561 Affected: 0 , < 1.43.0 or later (semver)
Create a notification for this product.
Dell Precision 3570 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Precision 3571 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Precision 3580 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Precision 3581 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Precision 3590 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Precision 3591 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Precision 3650 MT Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell Precision 3660 Affected: 0 , < 2.37.1 or later (semver)
Create a notification for this product.
Dell Precision 3680 Tower Affected: 0 , < 1.26.1 or later (semver)
Create a notification for this product.
Dell Precision 5470 Affected: 0 , < 1.39.0 or later (semver)
Create a notification for this product.
Dell Precision 5480 Affected: 0 , < 1.27.0 or later (semver)
Create a notification for this product.
Dell Precision 5490 Affected: 0 , < 1.21.1 or later (semver)
Create a notification for this product.
Dell Precision 5560 Affected: 0 , < 1.46.0 or later (semver)
Create a notification for this product.
Dell Precision 5570 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell Precision 5680 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Precision 5690 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell Precision 5770 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell Precision 5860 Tower Affected: 0 , < 3.8.0 or later (semver)
Create a notification for this product.
Dell Precision 7560 Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell Precision 7670 Affected: 0 , < 1.38.0 or later (semver)
Create a notification for this product.
Dell Precision 7680 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Precision 7760 Affected: 0 , < 1.47.0 or later (semver)
Create a notification for this product.
Dell Precision 7770 Affected: 0 , < 1.38.0 or later (semver)
Create a notification for this product.
Dell Precision 7780 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Precision 7875 Tower Affected: 0 , < 02.10.01 or later (semver)
Create a notification for this product.
Dell Precision 7960 Tower Affected: 0 , < 2.20.0 or later (semver)
Create a notification for this product.
Dell Precision Tower 7865 Affected: 0 , < 1.26.0 or later (semver)
Create a notification for this product.
Dell Vostro 14 3420 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell Vostro 14 3430 Affected: 0 , < 1.32.0 or later (semver)
Create a notification for this product.
Dell Vostro 14 3440 Affected: 0 , < 1.22.0 or later (semver)
Create a notification for this product.
Dell Vostro 15 3510 Affected: 0 , < 1.46.0 or later (semver)
Create a notification for this product.
Dell Vostro 15 3520 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell Vostro 15 3530 Affected: 0 , < 1.32.0 or later (semver)
Create a notification for this product.
Dell Vostro 16 5630 Affected: 0 , < 1.29.0 or later (semver)
Create a notification for this product.
Dell Vostro 16 5640 Affected: 0 , < 1.21.0 or later (semver)
Create a notification for this product.
Dell Vostro 3020 Small Desktop Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Vostro 3020 Tower Desktop Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Vostro 3030 Affected: 0 , < 1.26.0 or later (semver)
Create a notification for this product.
Dell Vostro 3030S Affected: 0 , < 1.26.0 or later (semver)
Create a notification for this product.
Dell Vostro 3910 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell Vostro 5620 Affected: 0 , < 1.36.0 or later (semver)
Create a notification for this product.
Dell Vostro 5890 Affected: 0 , < 1.42.0 or later (semver)
Create a notification for this product.
Dell Vostro 7620 Affected: 0 , < 1.37.0 or later (semver)
Create a notification for this product.
Dell XPS 13 9315 Affected: 0 , < 1.38.0 or later (semver)
Create a notification for this product.
Dell XPS 13 9340 Affected: 0 , < 1.26.0 or later (semver)
Create a notification for this product.
Dell XPS 13 9350 Affected: 0 , < 1.21.0 or later (semver)
Create a notification for this product.
Dell XPS 13 Plus 9320 Affected: 0 , < 2.30.0 or later (semver)
Create a notification for this product.
Dell XPS 14 (14 Premium) DA14250 Affected: 0 , < 1.11.0 or later (semver)
Create a notification for this product.
Dell XPS 14 9440 Affected: 0 , < 1.24.0 or later (semver)
Create a notification for this product.
Dell XPS 15 9510 Affected: 0 , < 1.46.0 or later (semver)
Create a notification for this product.
Dell XPS 15 9520 Affected: 0 , < 1.41.0 or later (semver)
Create a notification for this product.
Dell XPS 15 9530 Affected: 0 , < 1.31.0 or later (semver)
Create a notification for this product.
Dell XPS 16 (16 Premium) DA16250 Affected: 0 , < 1.13.0 or later (semver)
Create a notification for this product.
Dell XPS 16 9640 Affected: 0 , < 1.23.0 or later (semver)
Create a notification for this product.
Dell XPS 17 9720 Affected: 0 , < 1.40.0 or later (semver)
Create a notification for this product.
Dell XPS 17 9730 Affected: 0 , < 1.27.0 or later (semver)
Create a notification for this product.
Dell XPS 9320 Affected: 0 , < 2.30.0 or later (semver)
Create a notification for this product.
Date Public
2026-06-30 06:30
Credits
Dell would like to thank alexVinarskis for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35159",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-07T02:13:05.435803Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-07T02:13:16.372Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 15 3520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G15 5530",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.33.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware 16 Area-51 AA16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.4.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware 16 Aurora AC16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware 16X Aurora AC16251",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.4.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware 18 Area-51 AA18250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.4.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware Area-51 AAT2250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.17.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware Aurora ACT1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware m15 R6",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.44.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware m15 R7",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware m16 R1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.34.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware m16 R2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware m18 R1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.34.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware M18 R2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware x14 R2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.32.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware x16 R1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.32.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Alienware X16 R2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ChengMing 3900",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ChengMing 3910/3911",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell 14 DC14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.7.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "14 Plus 2-in-1 DB04250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "14 Plus DB14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "15 DC15250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.10.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "16 Plus 2-in-1 DB06250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "16 Plus DB16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "24 All-in-One EC24250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "27 All-in-One EC27250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G15 5510",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G15 5511",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.43.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G15 5520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G16 7620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "G16 7630",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.33.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 13 Plus PB13250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.13.4 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 13 Plus PB13255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 13 Premium PA13250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.13.4 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 14 Essential PV14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.6.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 14 PC14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 14 Plus PB14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.13.4 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 14 Plus PB14255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 14 Premium PA14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.13.4 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 16 PC16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 16 Plus PB16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.13.4 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 16 Plus PB16255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro 24 All-In-One Plus QB24250 / Pro 24 All-In-One QC24250 / Pro 24 All-In-One QC24251",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Laptop PC14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Laptop PC16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max 14 MC14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.14.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max 14 MC14255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.4.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max 16 MC16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.14.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max 16 MC16255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.4.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max Micro FCM2250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max Slim FCS1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Max Tower T2 FCT2250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Micro / QCM1255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Micro Plus QBM1250 / Pro Micro QCM1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Micro/Micro Plus QCM1250/QBM1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Precision 7 T1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Rugged 10 Tablets",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.9.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Rugged 12 Tablet",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.9.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Rugged 13 RA13250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Rugged 14 RB14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Slim / QCS1255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Slim Essential QVS1260",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Slim Plus QBS1250 / Pro Slim QCS1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Slim Plus QBS1250/Pro Slim QCS1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Tower / QCT1255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Tower Essential QVT1260",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Tower Plus QBT1250 / Pro Tower QCT1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Pro Tower Plus QBT1250/Pro Tower QCT1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Slim ECS1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Tower ECT1250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.15.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 13 5330",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 5420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 5430",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 5440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 7430 2-in-1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 7440 2-in-1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 Plus 7420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.37.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 Plus 7430",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 14 Plus 7440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 15 3511",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.46.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 15 3530",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.32.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 5620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 5630",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 5640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 7630 2-in-1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 7640 2-in-1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 Plus 7620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.37.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 Plus 7630",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 16 Plus 7640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 24 5420 All-in-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 24 5430 All-in-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 27 7720 All-in-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 27 7730 All-in-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 3020 Desktop",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 3020 S",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 3030",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 3030S",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 5410 All-in-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.38.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inspiron 7710 All-in-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.38.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 3320",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.44.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 3340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5320",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.51.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5330",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5421",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.46.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5430",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.39.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5430 Rugged Laptop",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.43.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5431",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.39.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.51.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5521",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.43.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5530",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5531",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5540",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 5550",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7030 Rugged Extreme",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7230 Rugged Extreme",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.32.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7320",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.50.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7320 Detachable",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7330",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7330 Rugged Laptop",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.43.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.30.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.50.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7430",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.50.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7530",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 7650",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 9330",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.37.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 9420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 9430",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 9440 2-in-1",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 9450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Latitude 9520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 3000 Micro / OptiPlex 3000 Small Form Factor / OptiPlex 3000 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 3000 Thin Client",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.34.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 3090 Ultra",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.42.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 5000 Micro / OptiPlex 5000 Small Form Factor / OptiPlex 5000 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 5090 Micro / OptiPlex 5090 Small Form Factor / OptiPlex 5090 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.42.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 5400 All-In-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.59 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 5490 AIO",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 7000 Micro / OptiPlex 7000 Small Form Factor / OptiPlex 7000 Tower / OptiPlex 7000 XE Micro",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 7000 OEM MT+",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 7090 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.42.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 7090 Ultra",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.42.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 7400 All-In-One",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.59 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex 7490 AIO",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex AIO 7420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex All-in-One 7410",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex Micro 7010 / OptiPlex Micro Plus 7010",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex Micro 7020",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex SFF 7020",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex Small Form Factor 7010 / OptiPlex Small Form Factor Plus 7010",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex Tower 7010 / OptiPlex Tower Plus 7010",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex Tower 7020",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "OptiPlex XE4 SFF",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PC14255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.14.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PC16255",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.14.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3260 XE Compact / Precision 3260 Compact",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "3.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3280 CFF",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.24.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.42.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3460 XE Small Form Factor / Precision 3460 Small Form Factor",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "3.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3470",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.39.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3480",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3490",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3560",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.51.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3561",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.43.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3570",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3571",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3580",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3581",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3590",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3591",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3650 MT",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3660",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.37.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 3680 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5470",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.39.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5480",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.27.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5490",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5560",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.46.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5570",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5680",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5690",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5770",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 5860 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "3.8.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7560",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7670",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.38.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7680",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7760",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.47.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7770",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.38.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7780",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7875 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "02.10.01 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision 7960 Tower",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.20.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Precision Tower 7865",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 14 3420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 14 3430",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.32.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 14 3440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.22.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 15 3510",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.46.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 15 3520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 15 3530",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.32.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 16 5630",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.29.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 16 5640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 3020 Small Desktop",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 3020 Tower Desktop",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 3030",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 3030S",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 3910",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 5620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.36.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 5890",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.42.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vostro 7620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.37.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 13 9315",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.38.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 13 9340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.26.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 13 9350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.21.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 13 Plus 9320",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.30.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 14 (14 Premium) DA14250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 14 9440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.24.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 15 9510",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.46.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 15 9520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.41.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 15 9530",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.31.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 16 (16 Premium) DA16250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.13.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 16 9640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.23.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 17 9720",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.40.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 17 9730",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.27.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "XPS 9320",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.30.0 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "other",
          "value": "Dell would like to thank alexVinarskis for reporting this issue."
        }
      ],
      "datePublic": "2026-06-30T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."
            }
          ],
          "value": "Dell Client Platform BIOS contains an Authentication Bypass by Primary Weakness vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-03T08:54:57.716Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000452197/dsa-2026-195"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2026-35159",
    "datePublished": "2026-07-03T08:08:31.672Z",
    "dateReserved": "2026-04-01T17:04:27.475Z",
    "dateUpdated": "2026-07-07T02:13:16.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33892 (GCVE-0-2026-33892)

Vulnerability from cvelistv5 – Published: 2026-04-14 08:40 – Updated: 2026-04-14 13:46
VLAI
Summary
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-14T13:46:06.348573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-14T13:46:34.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Management Pro V1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V1.15.17",
              "status": "affected",
              "version": "V1.7.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Management Pro V2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.1.1",
              "status": "affected",
              "version": "V2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Industrial Edge Management Virtual",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.8.0",
              "status": "affected",
              "version": "V2.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions \u003e= V1.7.6 \u003c V1.15.17), Industrial Edge Management Pro V2 (All versions \u003e= V2.0.0 \u003c V2.1.1), Industrial Edge Management Virtual (All versions \u003e= V2.2.0 \u003c V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices.\r\nThis could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user.\r\nSuccessful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device.\r\n\r\nExploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-14T08:40:46.807Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-609469.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2026-33892",
    "datePublished": "2026-04-14T08:40:46.807Z",
    "dateReserved": "2026-03-24T15:32:19.390Z",
    "dateUpdated": "2026-04-14T13:46:34.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33496 (GCVE-0-2026-33496)

Vulnerability from cvelistv5 – Published: 2026-03-26 17:29 – Updated: 2026-03-30 11:20
VLAI
Title
Ory Oathkeeper has an authentication bypass by cache key confusion
Summary
ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1289 - Improper Validation of Unsafe Equivalence in Input
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
ory oathkeeper Affected: < 26.2.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33496",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-30T11:19:21.527197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-30T11:20:55.765Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "oathkeeper",
          "vendor": "ory",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 26.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ORY Oathkeeper is an Identity \u0026 Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are  vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1289",
              "description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T17:29:41.564Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/ory/oathkeeper/security/advisories/GHSA-4mq7-pvjg-xp2r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ory/oathkeeper/security/advisories/GHSA-4mq7-pvjg-xp2r"
        },
        {
          "name": "https://github.com/ory/oathkeeper/commit/198a2bc82a99e0a77bd0ffe290cbdd5285a1b17c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ory/oathkeeper/commit/198a2bc82a99e0a77bd0ffe290cbdd5285a1b17c"
        }
      ],
      "source": {
        "advisory": "GHSA-4mq7-pvjg-xp2r",
        "discovery": "UNKNOWN"
      },
      "title": "Ory Oathkeeper has an authentication bypass by cache key confusion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33496",
    "datePublished": "2026-03-26T17:29:41.564Z",
    "dateReserved": "2026-03-20T16:59:08.887Z",
    "dateUpdated": "2026-03-30T11:20:55.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33472 (GCVE-0-2026-33472)

Vulnerability from cvelistv5 – Published: 2026-04-16 21:12 – Updated: 2026-04-20 15:00
VLAI
Title
Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)
Summary
Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
  • CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
Impacted products
Vendor Product Version
cryptomator cryptomator Affected: >= 1.19.1, < 1.19.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33472",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-17T14:50:12.860065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-20T15:00:33.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cryptomator",
          "vendor": "cryptomator",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.19.1, \u003c 1.19.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass the security fix for CVE-2026-32303. The method hardcodes the URI scheme based on port number, causing HTTPS URLs with port 80 to produce the same authority string as HTTP URLs, which defeats both the consistency check and the HTTP block validation. An attacker with write access to a cloud-synced vault.cryptomator file can craft a Hub configuration where apiBaseUrl and authEndpoint use HTTPS with port 80 to pass auto-trust validation, while tokenEndpoint uses plaintext HTTP. The vault is auto-trusted without user prompt, and a network-positioned attacker can intercept the OAuth token exchange to access the Cryptomator Hub API as the victim. This issue has been fixed in version 1.19.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319: Cleartext Transmission of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T21:12:37.076Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cryptomator/cryptomator/security/advisories/GHSA-9q8x-whrw-x44p"
        },
        {
          "name": "https://github.com/cryptomator/cryptomator/pull/4179",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cryptomator/cryptomator/pull/4179"
        },
        {
          "name": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cryptomator/cryptomator/releases/tag/1.19.2"
        }
      ],
      "source": {
        "advisory": "GHSA-9q8x-whrw-x44p",
        "discovery": "UNKNOWN"
      },
      "title": "Cryptomator Hub OAuth token exchange HTTP downgrade via getAuthority() scheme confusion (CVE-2026-32303 bypass)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33472",
    "datePublished": "2026-04-16T21:12:37.076Z",
    "dateReserved": "2026-03-20T16:16:48.969Z",
    "dateUpdated": "2026-04-20T15:00:33.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-32730 (GCVE-0-2026-32730)

Vulnerability from cvelistv5 – Published: 2026-03-18 22:00 – Updated: 2026-03-19 16:12
VLAI
Title
ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware
Summary
ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login tokens — where the password was verified but TOTP/MFA requirements were NOT — to be used as fully authenticated bearer tokens. This completely bypasses multi-factor authentication for any ApostropheCMS deployment using `@apostrophecms/login-totp` or any custom `afterPasswordVerified` login requirement. Version 4.28.0 fixes the issue.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-287 - Improper Authentication
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
apostrophecms apostrophe Affected: < 4.28.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32730",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-19T16:12:00.481300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-19T16:12:15.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "apostrophe",
          "vendor": "apostrophecms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.28.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incorrect MongoDB query that allows incomplete login tokens \u2014 where the password was verified but TOTP/MFA requirements were NOT \u2014 to be used as fully authenticated bearer tokens. This completely bypasses multi-factor authentication for any ApostropheCMS deployment using `@apostrophecms/login-totp` or any custom `afterPasswordVerified` login requirement. Version 4.28.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-18T22:00:14.612Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-v9xm-ffx2-7h35",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-v9xm-ffx2-7h35"
        }
      ],
      "source": {
        "advisory": "GHSA-v9xm-ffx2-7h35",
        "discovery": "UNKNOWN"
      },
      "title": "ApostropheCMS MFA/TOTP Bypass via Incorrect MongoDB Query in Bearer Token Middleware"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-32730",
    "datePublished": "2026-03-18T22:00:14.612Z",
    "dateReserved": "2026-03-13T15:02:00.626Z",
    "dateUpdated": "2026-03-19T16:12:15.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-30849 (GCVE-0-2026-30849)

Vulnerability from cvelistv5 – Published: 2026-03-23 19:10 – Updated: 2026-03-24 18:30
VLAI
Title
MantisBT SOAP API has an authentication bypass vulnerability on MySQL
Summary
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer. Using a crafted SOAP envelope, an attacker knowing the victim's username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
Impacted products
Vendor Product Version
mantisbt mantisbt Affected: < 2.28.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T18:29:55.283729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T18:30:05.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mantisbt",
          "vendor": "mantisbt",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.28.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions prior to 2.28.1 running on MySQL family databases are affected by an authentication bypass vulnerability in the SOAP API, as a result of an improper type checking on the password parameter. Other database backends are not affected, as they do not perform implicit type conversion from string to integer. Using a crafted SOAP envelope, an attacker knowing the victim\u0027s username is able to login to the SOAP API with their account without knowledge of the actual password, and execute any API function they have access to. Version 2.28.1 contains a patch. Disabling the SOAP API significantly reduces the risk, but still allows the attacker to retrieve user account information including email address and real name."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-305",
              "description": "CWE-305: Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-23T19:10:34.345Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-phrq-pc6r-f6gh"
        },
        {
          "name": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mantisbt/mantisbt/commit/b349e5c890eeda9bd82e7c7e14479853f8a30d9f"
        }
      ],
      "source": {
        "advisory": "GHSA-phrq-pc6r-f6gh",
        "discovery": "UNKNOWN"
      },
      "title": "MantisBT SOAP API has an authentication bypass vulnerability on MySQL"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-30849",
    "datePublished": "2026-03-23T19:10:34.345Z",
    "dateReserved": "2026-03-05T21:27:35.341Z",
    "dateUpdated": "2026-03-24T18:30:05.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.