CWE-538
AllowedInsertion of Sensitive Information into Externally-Accessible File or Directory
Abstraction: Base · Status: Draft
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
155 vulnerabilities reference this CWE, most recent first.
CVE-2026-50565 (GCVE-0-2026-50565)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:28 – Updated: 2026-06-10 18:42| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3390 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.24.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T18:38:05.730903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:42:31.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod \u2014 including the user-supplied builder image. This issue has been patched in version 1.24.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:28:27.457Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-8wcj-mfrc-jx5q"
},
{
"name": "https://github.com/fission/fission/pull/3390",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3390"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.24.0"
}
],
"source": {
"advisory": "GHSA-8wcj-mfrc-jx5q",
"discovery": "UNKNOWN"
},
"title": "Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-50565",
"datePublished": "2026-06-10T17:28:27.457Z",
"dateReserved": "2026-06-04T21:34:34.426Z",
"dateUpdated": "2026-06-10T18:42:31.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50099 (GCVE-0-2026-50099)
Vulnerability from cvelistv5 – Published: 2026-06-12 18:24 – Updated: 2026-06-12 18:58- CWE-538 - Insertion of sensitive information into Externally-Accessible file or directory
| Vendor | Product | Version | |
|---|---|---|---|
| Naxclow | Smart Doorbell X3 |
Affected:
All
|
|
| Naxclow | X Smart Home |
Affected:
All
|
|
| Naxclow | V720 |
Affected:
All
|
|
| Naxclow | ix cam |
Affected:
All
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T18:58:18.400404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T18:58:23.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Smart Doorbell X3",
"vendor": "Naxclow",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "X Smart Home",
"vendor": "Naxclow",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "V720",
"vendor": "Naxclow",
"versions": [
{
"status": "affected",
"version": "All"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ix cam",
"vendor": "Naxclow",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Temuri Takalandze reported this vulnerability to CISA."
}
],
"datePublic": "2026-06-11T15:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "During WiFi association, Naxclow device firmware prints the host network\u2019s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks.\u003cbr\u003e"
}
],
"value": "During WiFi association, Naxclow device firmware prints the host network\u2019s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits arbitrary memory reads, enabling full firmware extraction. An attacker with brief physical access, common for outdoor-mounted devices, can therefore recover WiFi credentials and bootstrap firmware-side attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of sensitive information into Externally-Accessible file or directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T18:24:14.760Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-162-02.json"
}
],
"source": {
"advisory": "ICSA-26-162-02",
"discovery": "EXTERNAL"
},
"title": "Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Naxclow did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Naxclow for more information."
}
],
"value": "Naxclow did not respond to CISA\u0027s attempts to coordinate these \nvulnerabilities. Users should contact Naxclow for more information."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2026-50099",
"datePublished": "2026-06-12T18:24:14.760Z",
"dateReserved": "2026-06-08T20:04:55.558Z",
"dateUpdated": "2026-06-12T18:58:23.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49298 (GCVE-0-2026-49298)
Vulnerability from cvelistv5 – Published: 2026-06-01 07:34 – Updated: 2026-06-02 16:43- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
| URL | Tags |
|---|---|
| https://github.com/apache/airflow/pull/60108 | patch |
| https://lists.apache.org/thread/wo09vrks8189dzsot… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Affected:
0 , < 3.2.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-49298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:56:22.010586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T16:43:36.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nikolai Dvoinishnikov (nikdvy@gmail.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Anton Kuznetsov (piratusxp@gmail.com)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Anish Giri"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A bug in Apache Airflow\u0026#x27;s KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints \u2014 triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs \u2014 as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface \u2014 the two fixes are complementary, not duplicates."
}
],
"value": "A bug in Apache Airflow\u0027s KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints \u2014 triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs \u2014 as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface \u2014 the two fixes are complementary, not duplicates."
}
],
"metrics": [
{
"other": {
"content": {
"text": "Moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:34:32.229Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/60108"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/wo09vrks8189dzsot39rvrx3vnx102tt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments",
"x_generator": {
"engine": "airflow-s/generate_cve_json.py"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-49298",
"datePublished": "2026-06-01T07:34:32.229Z",
"dateReserved": "2026-05-28T21:14:03.813Z",
"dateUpdated": "2026-06-02T16:43:36.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46617 (GCVE-0-2026-46617)
Vulnerability from cvelistv5 – Published: 2026-06-10 17:20 – Updated: 2026-06-10 18:20| URL | Tags |
|---|---|
| https://github.com/fission/fission/security/advis… | x_refsource_CONFIRM |
| https://github.com/fission/fission/pull/3366 | x_refsource_MISC |
| https://github.com/fission/fission/releases/tag/v1.23.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T18:20:03.806936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:20:14.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fission",
"vendor": "fission",
"versions": [
{
"status": "affected",
"version": "\u003c 1.23.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted namespace-wide get on secrets and configmaps (it needs that to load function code, env vars, and config). The runtime pod\u0027s automounted token was reachable from inside the user\u0027s function container at /var/run/secrets/kubernetes.io/serviceaccount/token, so user-supplied function code inherited the same Kubernetes API privileges and could read any secret or configmap in the function\u0027s namespace \u2014 far beyond the Function.spec.secrets allowlist that the function specification suggests. This issue has been patched in version 1.23.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T17:20:10.375Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/fission/fission/security/advisories/GHSA-85g2-pmrx-r49q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fission/fission/security/advisories/GHSA-85g2-pmrx-r49q"
},
{
"name": "https://github.com/fission/fission/pull/3366",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/pull/3366"
},
{
"name": "https://github.com/fission/fission/releases/tag/v1.23.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fission/fission/releases/tag/v1.23.0"
}
],
"source": {
"advisory": "GHSA-85g2-pmrx-r49q",
"discovery": "UNKNOWN"
},
"title": "Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-46617",
"datePublished": "2026-06-10T17:20:10.375Z",
"dateReserved": "2026-05-15T19:34:14.012Z",
"dateUpdated": "2026-06-10T18:20:14.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33705 (GCVE-0-2026-33705)
Vulnerability from cvelistv5 – Published: 2026-04-10 18:32 – Updated: 2026-04-15 15:02- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
| URL | Tags |
|---|---|
| https://github.com/chamilo/chamilo-lms/security/a… | x_refsource_CONFIRM |
| https://github.com/chamilo/chamilo-lms/commit/4ef… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| chamilo | chamilo-lms |
Affected:
< 1.11.38
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T15:02:23.156125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T15:02:39.017Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "chamilo-lms",
"vendor": "chamilo",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.38"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structure. This vulnerability is fixed in 1.11.38."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T18:33:44.062Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-5wjg-8x28-px57",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-5wjg-8x28-px57"
},
{
"name": "https://github.com/chamilo/chamilo-lms/commit/4efb5ee8ed849ca147ca1fe7472ef7b98db17bff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/chamilo/chamilo-lms/commit/4efb5ee8ed849ca147ca1fe7472ef7b98db17bff"
}
],
"source": {
"advisory": "GHSA-5wjg-8x28-px57",
"discovery": "UNKNOWN"
},
"title": "Chamilo LMS has unauthenticated access to Twig template source files exposes application logic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33705",
"datePublished": "2026-04-10T18:32:45.193Z",
"dateReserved": "2026-03-23T17:06:05.746Z",
"dateUpdated": "2026-04-15T15:02:39.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29114 (GCVE-0-2026-29114)
Vulnerability from cvelistv5 – Published: 2026-06-10 05:44 – Updated: 2026-06-10 14:59- CWE-538 - Insertion of sensitive information into Externally-Accessible file or directory
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29114",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T14:55:17.548173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T14:59:30.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IPC",
"vendor": "Dahua",
"versions": [
{
"status": "affected",
"version": "Some IPC models are affected, specifically those with a build date before April 15, 2026.",
"versionType": "date"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability has been found in some Dahua products. An attacker\nmay obtain the device\u2019s CA root certificate. If that CA is installed and\ntrusted on client systems, the attacker could issue fraudulent certificates\ntrusted by those clients and undermine the certificate trust chain.\u003c/p\u003e"
}
],
"value": "A vulnerability has been found in some Dahua products. An attacker\nmay obtain the device\u2019s CA root certificate. If that CA is installed and\ntrusted on client systems, the attacker could issue fraudulent certificates\ntrusted by those clients and undermine the certificate trust chain."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of sensitive information into Externally-Accessible file or directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T05:44:50.397Z",
"orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"shortName": "dahua"
},
"references": [
{
"url": "https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
"assignerShortName": "dahua",
"cveId": "CVE-2026-29114",
"datePublished": "2026-06-10T05:44:50.397Z",
"dateReserved": "2026-03-04T03:32:28.880Z",
"dateUpdated": "2026-06-10T14:59:30.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27173 (GCVE-0-2026-27173)
Vulnerability from cvelistv5 – Published: 2026-05-19 19:19 – Updated: 2026-05-19 19:57- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow CNCF Kubernetes provider |
Affected:
0 , < 10.17.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-19T19:34:01.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/35"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-27173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T19:56:34.624709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T19:57:11.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow-providers-cncf-kubernetes",
"product": "Apache Airflow CNCF Kubernetes provider",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "10.17.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nikolai Dvoinishnikov, Welltory"
},
{
"lang": "en",
"type": "finder",
"value": "Anton Kuznetsov, Welltory"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Anish Giri"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks."
}
],
"value": "JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks."
}
],
"metrics": [
{
"other": {
"content": {
"text": "Moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T19:19:00.266Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/airflow/pull/60108"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/pk3m2z4s2rkmc0v6gh9hnch9spc6stqw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments",
"x_generator": {
"engine": "airflow-s/generate_cve_json.py"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-27173",
"datePublished": "2026-05-19T19:19:00.266Z",
"dateReserved": "2026-02-18T14:18:43.403Z",
"dateUpdated": "2026-05-19T19:57:11.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23838 (GCVE-0-2026-23838)
Vulnerability from cvelistv5 – Published: 2026-01-19 18:14 – Updated: 2026-01-20 21:41- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
| URL | Tags |
|---|---|
| https://github.com/NixOS/nixpkgs/security/advisor… | x_refsource_CONFIRM |
| https://github.com/NixOS/nixpkgs/issues/338339 | x_refsource_MISC |
| https://github.com/NixOS/nixpkgs/pull/427845 | x_refsource_MISC |
| https://github.com/NixOS/nixpkgs/pull/481140 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23838",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T21:41:20.975315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:41:34.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nixpkgs",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 23.05, \u003c 26.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default `MEDIA_ROOT`, the full database file may be externally accessible, potentially on the Internet. The root cause is that the NixOS module configures the working directory of Tandoor Recipes, as well as the value of `MEDIA_ROOT`, to be `/var/lib/tandoor-recipes`. This causes Tandoor Recipes to create its `db.sqlite3` database file in the same directory as `MEDIA_ROOT` causing it to be accessible without authentication through HTTP like any other media file. This is the case when using `GUNICORN_MEDIA=1` or when using a web server like nginx to serve media files. NixOS 26.05 changes the default value of `MEDIA_ROOT` to a sub folder of the data directory. This only applies to configurations with `system.stateVersion` \u003e= 26.05. For older configurations, one of the workarounds should be applied instead. NixOS 25.11 has received a backport of this patch, though it doesn\u0027t fix this vulnerability without user intervention. A recommended workaround is to move `MEDIA_ROOT` into a subdirectory. Non-recommended workarounds include switching to PostgreSQL or disallowing access to `db.sqlite3`."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T18:14:55.567Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-g8w3-p77x-mmxh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-g8w3-p77x-mmxh"
},
{
"name": "https://github.com/NixOS/nixpkgs/issues/338339",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/issues/338339"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/427845",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/427845"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/481140",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/481140"
}
],
"source": {
"advisory": "GHSA-g8w3-p77x-mmxh",
"discovery": "UNKNOWN"
},
"title": "Tandoor Recipes module allows SQLite database to be externally accessible with the default settings"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23838",
"datePublished": "2026-01-19T18:14:55.567Z",
"dateReserved": "2026-01-16T15:46:40.842Z",
"dateUpdated": "2026-01-20T21:41:34.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21672 (GCVE-0-2026-21672)
Vulnerability from cvelistv5 – Published: 2026-03-12 16:26 – Updated: 2026-05-10 13:00- CWE-538 - File and Directory Information Exposure
| Vendor | Product | Version | |
|---|---|---|---|
| Veeam | Backup and Replication |
Affected:
12 , < 12.3.2
(semver)
Affected: 13 , < 13.0.1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-21672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T03:55:47.868321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T13:00:07.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Backup and Replication",
"vendor": "Veeam",
"versions": [
{
"lessThan": "12.3.2",
"status": "affected",
"version": "12",
"versionType": "semver"
},
{
"lessThan": "13.0.1",
"status": "affected",
"version": "13",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability allowing local privilege escalation on Windows-based Veeam Backup \u0026 Replication servers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T15:32:11.662Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://www.veeam.com/kb4831"
},
{
"url": "https://www.veeam.com/kb4830"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-21672",
"datePublished": "2026-03-12T16:26:52.213Z",
"dateReserved": "2026-01-02T15:00:02.872Z",
"dateUpdated": "2026-05-10T13:00:07.736Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15574 (GCVE-0-2026-15574)
Vulnerability from cvelistv5 – Published: 2026-07-13 08:01 – Updated: 2026-07-13 14:41- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-15574 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2499594 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15574",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T14:41:50.451291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T14:41:57.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unknown",
"packageName": "rhoai/odh-trustyai-vllm-orchestrator-gateway-rhel9",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
}
],
"datePublic": "2026-07-10T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the vllm-orchestrator-gateway component. The system\u0027s production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information (PII) and secrets, to persistent logs. This sensitive data, including bearer tokens and chat content, can be accessed by any user with logging privileges. This vulnerability leads to information disclosure, potentially allowing an attacker to harvest credentials and sensitive conversation content."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T08:01:26.253Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-15574"
},
{
"name": "RHBZ#2499594",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2499594"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T07:38:33.195Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-07-10T09:00:00.000Z",
"value": "Made public."
}
],
"title": "Vllm-orchestrator-gateway: vllm-orchestrator-gateway: authorization header and full chat payloads logged at hard-coded debug default",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, configure the `RUST_LOG` environment variable for the `vllm-orchestrator-gateway` component to a level higher than DEBUG, such as `INFO`. This will prevent the logging of sensitive authorization headers and full chat payloads to persistent logs. For example, set `RUST_LOG=info` in the deployment configuration. A restart of the affected pods or services is required for this change to take effect."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-15574",
"datePublished": "2026-07-13T08:01:26.253Z",
"dateReserved": "2026-07-13T07:52:38.428Z",
"dateUpdated": "2026-07-13T14:41:57.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Do not expose file and directory information to the user.
CAPEC-95: WSDL Scanning
This attack targets the WSDL interface made available by a web service. The attacker may scan the WSDL interface to reveal sensitive information about invocation patterns, underlying technology implementations and associated vulnerabilities. This type of probing is carried out to perform more serious attacks (e.g. parameter tampering, malicious content injection, command injection, etc.). WSDL files provide detailed information about the services ports and bindings available to consumers. For instance, the attacker can submit special characters or malicious content to the Web service and can cause a denial of service condition or illegal access to database records. In addition, the attacker may try to guess other private methods by using the information provided in the WSDL files.