Common Weakness Enumeration

CWE-1284

Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CVE-2026-0428 (GCVE-0-2026-0428)

Vulnerability from cvelistv5 – Published: 2026-05-15 02:41 – Updated: 2026-05-15 16:34
VLAI
Summary
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
AMD
Date Public
2026-05-15 02:40
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0428",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-15T16:34:23.455427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-15T16:34:39.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300A",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "BKC 26"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI300X",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ROCm 6.3.1"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI308X",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ROCm 6.4.2"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "AMD Instinct\u2122 MI325X",
          "vendor": "AMD",
          "versions": [
            {
              "status": "unaffected",
              "version": "ROCm 6.3.1"
            }
          ]
        }
      ],
      "datePublic": "2026-05-15T02:40:36.026Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.\u003cbr\u003e"
            }
          ],
          "value": "Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "baseScore": 1.8,
            "baseSeverity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284  Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-15T02:41:13.879Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "AMD PSIRT Automation 1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2026-0428",
    "datePublished": "2026-05-15T02:41:13.879Z",
    "dateReserved": "2025-12-06T13:53:33.452Z",
    "dateUpdated": "2026-05-15T16:34:39.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0925 (GCVE-0-2026-0925)

Vulnerability from cvelistv5 – Published: 2026-01-26 17:51 – Updated: 2026-02-02 20:01
VLAI
Title
Tanium addressed an improper input validation vulnerability in Discover.
Summary
Tanium addressed an improper input validation vulnerability in Discover.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
Tanium Discover Affected: 4.10 , < 4.10.134 (custom)
Affected: 4.15 , < 4.15.130 (custom)
    cpe:2.3:a:tanium:service_asset:4.10.133:*:*:*:*:*:*:*
    cpe:2.3:a:tanium:service_asset:4.15.129:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2026-01-24 01:37
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-0925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-26T19:50:33.379257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-26T19:50:46.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:tanium:service_asset:4.10.133:*:*:*:*:*:*:*",
            "cpe:2.3:a:tanium:service_asset:4.15.129:*:*:*:*:*:*:*"
          ],
          "product": "Discover",
          "vendor": "Tanium",
          "versions": [
            {
              "lessThan": "4.10.134",
              "status": "affected",
              "version": "4.10",
              "versionType": "custom"
            },
            {
              "lessThan": "4.15.130",
              "status": "affected",
              "version": "4.15",
              "versionType": "custom"
            }
          ]
        }
      ],
      "dateAssigned": "2026-01-13T20:48:10.331Z",
      "datePublic": "2026-01-24T01:37:51.794Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Tanium addressed an improper input validation vulnerability in Discover."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-02T20:01:37.786Z",
        "orgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
        "shortName": "Tanium"
      },
      "references": [
        {
          "name": "TAN-2026-002",
          "url": "https://security.tanium.com/TAN-2026-002"
        }
      ],
      "title": "Tanium addressed an improper input validation vulnerability in Discover."
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3938794e-25f5-4123-a1ba-5cbd7f104512",
    "assignerShortName": "Tanium",
    "cveId": "CVE-2026-0925",
    "datePublished": "2026-01-26T17:51:34.091Z",
    "dateReserved": "2026-01-13T20:48:10.968Z",
    "dateUpdated": "2026-02-02T20:01:37.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1092 (GCVE-0-2026-1092)

Vulnerability from cvelistv5 – Published: 2026-04-08 22:26 – Updated: 2026-04-09 15:09
VLAI
Title
Improper Validation of Specified Quantity in Input in GitLab
Summary
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Affected: 12.10 , < 18.8.9 (semver)
Affected: 18.9 , < 18.9.5 (semver)
Affected: 18.10 , < 18.10.3 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1092",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T15:09:43.259973Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-09T15:09:51.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.8.9",
              "status": "affected",
              "version": "12.10",
              "versionType": "semver"
            },
            {
              "lessThan": "18.9.5",
              "status": "affected",
              "version": "18.9",
              "versionType": "semver"
            },
            {
              "lessThan": "18.10.3",
              "status": "affected",
              "version": "18.10",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T22:26:12.837Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "HackerOne Bug Bounty Report #3487030",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3487030"
        },
        {
          "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586479"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."
        }
      ],
      "title": "Improper Validation of Specified Quantity in Input in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-1092",
    "datePublished": "2026-04-08T22:26:12.837Z",
    "dateReserved": "2026-01-16T21:04:09.219Z",
    "dateUpdated": "2026-04-09T15:09:51.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1101 (GCVE-0-2026-1101)

Vulnerability from cvelistv5 – Published: 2026-04-08 22:26 – Updated: 2026-04-09 15:41
VLAI
Title
Improper Validation of Specified Quantity in Input in GitLab
Summary
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
GitLab GitLab Affected: 18.2 , < 18.8.9 (semver)
Affected: 18.9 , < 18.9.5 (semver)
Affected: 18.10 , < 18.10.3 (semver)
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-09T15:40:51.074249Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-09T15:41:03.766Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "GitLab",
          "repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
          "vendor": "GitLab",
          "versions": [
            {
              "lessThan": "18.8.9",
              "status": "affected",
              "version": "18.2",
              "versionType": "semver"
            },
            {
              "lessThan": "18.9.5",
              "status": "affected",
              "version": "18.9",
              "versionType": "semver"
            },
            {
              "lessThan": "18.10.3",
              "status": "affected",
              "version": "18.10",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Thanks [sim4n6](https://hackerone.com/sim4n6) for reporting this vulnerability through our HackerOne bug bounty program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T22:26:07.834Z",
        "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
        "shortName": "GitLab"
      },
      "references": [
        {
          "name": "HackerOne Bug Bounty Report #3460228",
          "tags": [
            "technical-description",
            "exploit",
            "permissions-required"
          ],
          "url": "https://hackerone.com/reports/3460228"
        },
        {
          "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586488"
        },
        {
          "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to versions 18.8.9, 18.9.5, 18.10.3 or above."
        }
      ],
      "title": "Improper Validation of Specified Quantity in Input in GitLab"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
    "assignerShortName": "GitLab",
    "cveId": "CVE-2026-1101",
    "datePublished": "2026-04-08T22:26:07.834Z",
    "dateReserved": "2026-01-16T22:33:15.858Z",
    "dateUpdated": "2026-04-09T15:41:03.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11596 (GCVE-0-2026-11596)

Vulnerability from cvelistv5 – Published: 2026-06-10 17:15 – Updated: 2026-06-10 18:18
VLAI
Summary
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper validation of specified quantity in input
Assigner
Impacted products
Vendor Product Version
ConnectWise ScreenConnect Affected: All versions prior to 26.2
Create a notification for this product.
Credits
Damian West (Austin Group)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-10T18:18:34.629863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T18:18:41.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Host Pass"
          ],
          "product": "ScreenConnect",
          "vendor": "ConnectWise",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 26.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Damian West (Austin Group)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn ScreenConnect\u2122 versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens.\u0026nbsp;\u003c/p\u003e"
            }
          ],
          "value": "In ScreenConnect\u2122 versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T17:15:07.586Z",
        "orgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
        "shortName": "ConnectWise"
      },
      "references": [
        {
          "url": "https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cb\u003eCloud:\u0026nbsp;\u003c/b\u003e\u003cspan\u003eNo action is required. ScreenConnect servers hosted in the\nScreenConnect cloud environment have been updated to remediate this issue.\u003c/span\u003e\u003c/p\u003e\n\n\u003cp\u003e\u003cb\u003eOn-prem\u003c/b\u003e:\u0026nbsp;\u003cspan\u003eUpgrade to ScreenConnect version 26.2 or later.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "Cloud:\u00a0No action is required. ScreenConnect servers hosted in the\nScreenConnect cloud environment have been updated to remediate this issue.\n\n\n\n\n\nOn-prem:\u00a0Upgrade to ScreenConnect version 26.2 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d616e1a-3288-43b1-a0dd-0a65d3e70a49",
    "assignerShortName": "ConnectWise",
    "cveId": "CVE-2026-11596",
    "datePublished": "2026-06-10T17:15:07.586Z",
    "dateReserved": "2026-06-08T14:17:16.449Z",
    "dateUpdated": "2026-06-10T18:18:41.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-11906 (GCVE-0-2026-11906)

Vulnerability from cvelistv5 – Published: 2026-06-30 19:42 – Updated: 2026-07-01 15:53
VLAI
Title
IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7277423 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
Affected: 12.1.0 , ≤ 12.1.4 (semver)
    cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-11906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:53:15.458939Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:53:31.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
          ],
          "product": "Db2",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.4",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in the data query logic of XMLTable-derived columns.\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in the data query logic of XMLTable-derived columns."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-30T19:42:08.459Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7277423"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BsUv/dt466352\" rel=\"nofollow\"\u003eDT466352\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #84653 or later for V11.5.9 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000BsUv/dt466352\" rel=\"nofollow\"\u003eDT466352\u003c/a\u003e\u003cbr/\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #86230 or later for V12.1.4 available at this link:\u003cbr/\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release:V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\n\n\nV12.1\n\n\n\n\n\n\n\nTBD\n\n\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
        }
      ],
      "title": "IBM\u00ae Db2\u00ae federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-11906",
    "datePublished": "2026-06-30T19:42:08.459Z",
    "dateReserved": "2026-06-10T16:11:41.935Z",
    "dateUpdated": "2026-07-01T15:53:31.824Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12059 (GCVE-0-2026-12059)

Vulnerability from cvelistv5 – Published: 2026-06-12 06:30 – Updated: 2026-06-12 13:58
VLAI
Title
Cellopoint|CelloOS - Improper Access Control
Summary
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper validation of specified quantity in input
Assigner
References
Impacted products
Vendor Product Version
Cellopoint CelloOS Affected: 0 , < 4.8.0 Build 20260316 (custom)
Create a notification for this product.
Date Public
2026-06-12 06:27
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-12059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T13:55:06.257796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T13:58:36.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CelloOS",
          "vendor": "Cellopoint",
          "versions": [
            {
              "lessThan": "4.8.0 Build 20260316",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-06-12T06:27:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope."
            }
          ],
          "value": "The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T06:30:54.990Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-10966-3258e-1.html"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.twcert.org.tw/en/cp-139-10965-3ce75-2.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u0026nbsp;Systems connected to the vendor update service received vendor-side remediation on 2026-03-18. Systems that are offline, isolated, or otherwise unable to receive remote patches should be manually updated to any fixed release made available on or after 2026-03-18."
            }
          ],
          "value": "Systems connected to the vendor update service received vendor-side remediation on 2026-03-18. Systems that are offline, isolated, or otherwise unable to receive remote patches should be manually updated to any fixed release made available on or after 2026-03-18."
        }
      ],
      "source": {
        "advisory": "TVN-202606002",
        "discovery": "EXTERNAL"
      },
      "title": "Cellopoint\uff5cCelloOS - Improper Access Control",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2026-12059",
    "datePublished": "2026-06-12T06:30:54.990Z",
    "dateReserved": "2026-06-12T06:01:41.825Z",
    "dateUpdated": "2026-06-12T13:58:36.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-12755 (GCVE-0-2026-12755)

Vulnerability from cvelistv5 – Published: 2026-06-25 13:12 – Updated: 2026-06-25 14:52
VLAI
Summary
Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2 challenge-response, via a crafted DomainName parameter.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper validation of specified quantity in input
Assigner
Impacted products
Vendor Product Version
Devolutions Server Affected: 2026.2.4.0 , < 2026.2.7.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 2.7,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-12755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T14:52:17.880696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T14:52:29.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Server",
          "vendor": "Devolutions",
          "versions": [
            {
              "lessThan": "2026.2.7.0",
              "status": "affected",
              "version": "2026.2.4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper input validation in the PAM AD discovery endpoints in \nDevolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated\n user with the UserGroupsView permission to coerce server-side \nauthentication to an attacker-controlled host, exposing PAM provider \ncredentials as a NTLMv2 challenge-response, via a crafted DomainName \nparameter."
            }
          ],
          "value": "Improper input validation in the PAM AD discovery endpoints in \nDevolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated\n user with the UserGroupsView permission to coerce server-side \nauthentication to an attacker-controlled host, exposing PAM provider \ncredentials as a NTLMv2 challenge-response, via a crafted DomainName \nparameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T13:12:54.439Z",
        "orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
        "shortName": "DEVOLUTIONS"
      },
      "references": [
        {
          "url": "https://devolutions.net/security/advisories/DEVO-2026-0020/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
    "assignerShortName": "DEVOLUTIONS",
    "cveId": "CVE-2026-12755",
    "datePublished": "2026-06-25T13:12:54.439Z",
    "dateReserved": "2026-06-19T19:30:39.329Z",
    "dateUpdated": "2026-06-25T14:52:29.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1352 (GCVE-0-2026-1352)

Vulnerability from cvelistv5 – Published: 2026-04-22 23:37 – Updated: 2026-04-23 13:57
VLAI
Title
IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index
Summary
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7269433 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Db2 Affected: 11.5.0 , ≤ 11.5.9 (semver)
Affected: 12.1.0 , ≤ 12.1.4 (semver)
    cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1352",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-23T13:57:26.724539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-23T13:57:34.912Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:11.5.9:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*"
          ],
          "product": "Db2",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.5.9",
              "status": "affected",
              "version": "11.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "12.1.4",
              "status": "affected",
              "version": "12.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u0026nbsp;authenticated user to cause a denial of service due to improper neutralization of special\u0026nbsp;elements in data query logic.\u003c/p\u003e"
            }
          ],
          "value": "IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an\u00a0authenticated user to cause a denial of service due to improper neutralization of special\u00a0elements in data query logic."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T23:37:41.981Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7269433"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCustomers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eRelease\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed in mod pack\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAPAR\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eDownload URL\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eV11.5\u003c/td\u003e\u003ctd\u003eTBD\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000913J/dt459558\" rel=\"nofollow\"\u003eDT459558\u003c/a\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #79671 or later for V11.5.9 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7087189\" rel=\"noopener noreferrer nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7087189\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eV12.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eTBD\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/mysupport/s/defect/aCIgJ000000913J/dt459558\" rel=\"nofollow\"\u003eDT459558\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003eSpecial Build #80714 or later for V12.1.4 available at this link:\u003cbr\u003e\u003ca href=\"https://www.ibm.com/support/pages/node/7267513\" rel=\"nofollow\"\u003ehttps://www.ibm.com/support/pages/node/7267513\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.\n\n\n\nReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189 \n\nV12.1\n\n\n\nTBD\n\n\n\n https://www.ibm.com/support/pages/node/7267513 \n\n\n\n\n\nIBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability."
        }
      ],
      "title": "IBM\u00ae Db2\u00ae is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSet the following registry variable to avoid SORT operations that are used for some JOIN optimization techniques:\u003c/p\u003e\u003cp\u003edb2set -im DB2_REDUCED_OPTIMIZATION=\"NO_SORT_NLJOIN,NO_SORT_MGJOIN\"\u003c/p\u003e"
            }
          ],
          "value": "Set the following registry variable to avoid SORT operations that are used for some JOIN optimization techniques:\n\ndb2set -im DB2_REDUCED_OPTIMIZATION=\"NO_SORT_NLJOIN,NO_SORT_MGJOIN\""
        }
      ],
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-1352",
    "datePublished": "2026-04-22T23:37:35.127Z",
    "dateReserved": "2026-01-22T17:35:12.277Z",
    "dateUpdated": "2026-04-23T13:57:34.912Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1528 (GCVE-0-2026-1528)

Vulnerability from cvelistv5 – Published: 2026-03-12 20:21 – Updated: 2026-07-02 12:05
VLAI
Title
undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client
Summary
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-248 - Uncaught exception
  • CWE-1284 - Improper validation of specified quantity in input
  • CWE-248 - Uncaught Exception
Assigner
References
URL Tags
https://github.com/nodejs/undici/security/advisor…
https://hackerone.com/reports/3537648
https://cna.openjsf.org/security-advisories.html
https://access.redhat.com/security/cve/CVE-2026-1528 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2447145 issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:17789 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7310 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7080 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7675 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7123 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7670 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7983 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7302 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7350 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34342 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9742 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13826 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5807 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21772 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:21931 vendor-advisoryx_refsource_REDHAT
Impacted products
Vendor Product Version
undici undici Affected: >= 6.0.0 < 6.24.0; 7.0.0 < 7.24.0
Unaffected: 6.24.0: 7.24.0
Create a notification for this product.
Red Hat Cryostat 4 on RHEL 9     cpe:/a:redhat:cryostat:4::el9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream EUS (v. 10.0)     cpe:/o:redhat:enterprise_linux_eus:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.6)     cpe:/a:redhat:rhel_eus:9.6::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Cluster Observability Operator 1.5.0     cpe:/a:redhat:cluster_observability_operator:1.5::el9
Create a notification for this product.
Red Hat Red Hat Developer Hub 1.8     cpe:/a:redhat:rhdh:1.8::el9
Create a notification for this product.
Red Hat Red Hat Developer Hub 1.9     cpe:/a:redhat:rhdh:1.9::el9
Create a notification for this product.
Red Hat Red Hat OpenShift AI 2.16     cpe:/a:redhat:openshift_ai:2.16::el8
Create a notification for this product.
Red Hat Red Hat OpenShift Dev Spaces 3.28     cpe:/a:redhat:openshift_devspaces:3.28::el9
Create a notification for this product.
Red Hat Red Hat OpenShift Pipelines 1.2     cpe:/a:redhat:openshift_pipelines:1.20::el9
Create a notification for this product.
Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
Create a notification for this product.
Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
Create a notification for this product.
Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
Create a notification for this product.
Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
Create a notification for this product.
Red Hat Self-service automation portal 2     cpe:/a:redhat:ansible_portal:2
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform 8     cpe:/a:redhat:jboss_enterprise_application_platform:8
Create a notification for this product.
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack     cpe:/a:redhat:jbosseapxp
Create a notification for this product.
Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
Create a notification for this product.
Credits
Matteo Collina Ulises Gascón
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1528",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-13T13:03:59.738320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-13T13:04:57.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cryostat 4 on RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cluster_observability_operator:1.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Cluster Observability Operator 1.5.0",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.16::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3.28::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces 3.28",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1.20::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Pipelines 1.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_lightspeed"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Lightspeed",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_portal:2"
            ],
            "defaultStatus": "affected",
            "product": "Self-service automation portal 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jbosseapxp"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-03-12T20:21:57.775Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in undici. A remote attacker could exploit this vulnerability by sending a specially crafted WebSocket frame with an extremely large 64-bit length. This causes undici\u0027s ByteParser to overflow its internal calculations, leading to an invalid state and a fatal TypeError. The primary consequence is a Denial of Service (DoS), which terminates the process."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-248",
                "description": "Uncaught Exception",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:05:22.329Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-1528"
          },
          {
            "name": "RHBZ#2447145",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447145"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1528.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:17789"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7310"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7080"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7675"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7123"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7670"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7983"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7302"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7350"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:34342"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9742"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13826"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5807"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21772"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:21931"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7310: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7080: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7675: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7123: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7670: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7983: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7302: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7350: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:21931: Red Hat OpenShift Pipelines 1.2"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-12T21:01:36.954Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-12T20:21:57.775Z",
            "value": "Made public."
          }
        ],
        "title": "undici: undici: Denial of Service via crafted WebSocket frame with large length",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/nodejs/undici/",
          "defaultStatus": "unaffected",
          "packageName": "undici",
          "product": "undici",
          "repo": "https://github.com/nodejs/undici/",
          "vendor": "undici",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 6.0.0 \u003c 6.24.0; 7.0.0 \u003c 7.24.0"
            },
            {
              "status": "unaffected",
              "version": "6.24.0: 7.24.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Matteo Collina"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ulises Gasc\u00f3n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003e\u003cspan\u003eImpact\u003c/span\u003e\u003c/h3\u003e\u003cp\u003eA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici\u0027s ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.\u003cbr\u003e\u003cbr\u003e\u003cb\u003ePatches\u003cbr\u003e\u003c/b\u003e\u003cbr\u003ePatched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici\u0027s ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.\n\nPatches\n\nPatched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248 Uncaught exception",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper validation of specified quantity in input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-12T20:21:57.775Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
        },
        {
          "url": "https://hackerone.com/reports/3537648"
        },
        {
          "url": "https://cna.openjsf.org/security-advisories.html"
        }
      ],
      "source": {
        "advisory": "GHSA-f269-vfmq-vjvj",
        "discovery": "UNKNOWN"
      },
      "title": "undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client",
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2026-1528",
    "datePublished": "2026-03-12T20:21:57.775Z",
    "dateReserved": "2026-01-28T12:05:10.024Z",
    "dateUpdated": "2026-07-02T12:05:22.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-5

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page