Common Weakness Enumeration

CWE-684

Allowed-with-Review

Incorrect Provision of Specified Functionality

Abstraction: Class · Status: Draft

The code does not function according to its published specifications, potentially leading to incorrect usage.

53 vulnerabilities reference this CWE, most recent first.

CVE-2026-44597 (GCVE-0-2026-44597)

Vulnerability from cvelistv5 – Published: 2026-05-07 00:56 – Updated: 2026-05-07 13:12
VLAI
Summary
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
Impacted products
Vendor Product Version
torproject Tor Affected: 0 , < 0.4.9.7 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T13:11:47.868794Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-07T13:12:29.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Tor",
          "vendor": "torproject",
          "versions": [
            {
              "lessThan": "0.4.9.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:torproject:tor:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.4.9.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-07T03:24:05.985Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://forum.torproject.org/c/news/tor-release-announcement/28"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/05/06/8"
        },
        {
          "url": "https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254"
        },
        {
          "url": "https://gitlab.torproject.org/tpo/core/tor/-/commit/8f98054b1982d00a14639864d03e9afd90b87481"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-44597",
    "datePublished": "2026-05-07T00:56:47.320Z",
    "dateReserved": "2026-05-07T00:56:46.891Z",
    "dateUpdated": "2026-05-07T13:12:29.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-42255 (GCVE-0-2026-42255)

Vulnerability from cvelistv5 – Published: 2026-04-26 02:48 – Updated: 2026-04-27 13:31
VLAI
Summary
Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
Impacted products
Vendor Product Version
Technitium DnsServer Affected: 0 , < 15.0.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-27T13:20:27.700885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-27T13:31:57.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:docker/technitium/dns-server",
          "product": "DnsServer",
          "vendor": "Technitium",
          "versions": [
            {
              "lessThan": "15.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:technitium:dnsserver:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-26T03:10:30.349Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/TechnitiumSoftware/DnsServer/blob/master/CHANGELOG.md#technitium-dns-server-change-log"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-42255",
    "datePublished": "2026-04-26T02:48:44.810Z",
    "dateReserved": "2026-04-26T02:48:44.278Z",
    "dateUpdated": "2026-04-27T13:31:57.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40685 (GCVE-0-2026-40685)

Vulnerability from cvelistv5 – Published: 2026-04-30 00:00 – Updated: 2026-05-01 14:26
VLAI
Summary
In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
Impacted products
Vendor Product Version
Exim Exim Affected: 0 , < 4.99.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T14:26:30.902958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T14:26:41.873Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Exim",
          "vendor": "Exim",
          "versions": [
            {
              "lessThan": "4.99.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.99.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \\ skipping."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-01T01:18:39.741Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/30/21"
        },
        {
          "url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40685.assessment"
        },
        {
          "url": "https://code.exim.org/exim/exim/commit/9fdc057e71b87c87a0d3d2288b2810a0efaaba57"
        },
        {
          "url": "https://exim.org/static/doc/security/CVE-2026-40685.txt"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-40685",
    "datePublished": "2026-04-30T00:00:00.000Z",
    "dateReserved": "2026-04-14T00:00:00.000Z",
    "dateUpdated": "2026-05-01T14:26:41.873Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40684 (GCVE-0-2026-40684)

Vulnerability from cvelistv5 – Published: 2026-04-30 00:00 – Updated: 2026-05-01 17:22
VLAI
Summary
In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
Impacted products
Vendor Product Version
Exim Exim Affected: 0 , < 4.99.2 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-01T14:25:46.779854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-01T14:25:57.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-01T17:22:32.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Exim",
          "vendor": "Exim",
          "versions": [
            {
              "lessThan": "4.99.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.99.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-01T01:16:53.294Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2026/04/30/21"
        },
        {
          "url": "https://exim.org/static/doc/security/cve-2026-04.1/CVE2026-40684.assessment"
        },
        {
          "url": "https://code.exim.org/exim/exim/commit/628bbaca7672748d941a12e7cd5f0122a4e18c81"
        },
        {
          "url": "https://exim.org/static/doc/security/CVE-2026-40684.txt"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-40684",
    "datePublished": "2026-04-30T00:00:00.000Z",
    "dateReserved": "2026-04-14T00:00:00.000Z",
    "dateUpdated": "2026-05-01T17:22:32.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35381 (GCVE-0-2026-35381)

Vulnerability from cvelistv5 – Published: 2026-04-22 16:09 – Updated: 2026-04-22 16:53
VLAI
Title
uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering
Summary
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code path that fails to check the record suppression status. Consequently, uutils cut emits the entire record plus a NUL byte instead of suppressing it. This divergence from GNU coreutils behavior creates a data integrity risk for automated pipelines that rely on cut -s to filter out undelimited data.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
Impacted products
Vendor Product Version
Uutils coreutils Affected: 0 , < 0.8.0 (semver)
Create a notification for this product.
Credits
Zellic
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35381",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T16:52:48.799157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T16:53:09.992Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/uutils",
          "defaultStatus": "unaffected",
          "packageName": "coreutils",
          "platforms": [
            "Linux",
            "Unix",
            "macOS"
          ],
          "product": "coreutils",
          "repo": "https://github.com/uutils/coreutils",
          "vendor": "Uutils",
          "versions": [
            {
              "lessThan": "0.8.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zellic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d \u0027\u0027 (empty delimiter) options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code path that fails to check the record suppression status. Consequently, uutils cut emits the entire record plus a NUL byte instead of suppressing it. This divergence from GNU coreutils behavior creates a data integrity risk for automated pipelines that rely on cut -s to filter out undelimited data."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153: Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684: Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T16:09:22.228Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/uutils/coreutils/pull/11394"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/uutils/coreutils/releases/tag/0.8.0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2026-35381",
    "datePublished": "2026-04-22T16:09:22.228Z",
    "dateReserved": "2026-04-02T12:58:56.089Z",
    "dateUpdated": "2026-04-22T16:53:09.992Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-35379 (GCVE-0-2026-35379)

Vulnerability from cvelistv5 – Published: 2026-04-22 16:09 – Updated: 2026-04-22 16:59
VLAI
Title
uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling
Summary
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the standard behavior established by POSIX and GNU coreutils. This vulnerability leads to unintended data modification or loss when the utility is used in automated scripts or data-cleaning pipelines that rely on standard character class semantics. For example, a command executed to delete all graphical characters while intending to preserve whitespace will incorrectly delete all ASCII spaces, potentially resulting in data corruption or logic failures in downstream processing.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
Impacted products
Vendor Product Version
Uutils coreutils Affected: 0 , < 0.8.0 (semver)
Create a notification for this product.
Credits
Zellic
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35379",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T16:58:58.741199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T16:59:11.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/uutils",
          "defaultStatus": "unaffected",
          "packageName": "coreutils",
          "platforms": [
            "Linux",
            "Unix",
            "macOS"
          ],
          "product": "coreutils",
          "repo": "https://github.com/uutils/coreutils",
          "vendor": "Uutils",
          "versions": [
            {
              "lessThan": "0.8.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Zellic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space character (0x20) in the [:graph:] class and excludes it from the [:print:] class, effectively reversing the standard behavior established by POSIX and GNU coreutils. This vulnerability leads to unintended data modification or loss when the utility is used in automated scripts or data-cleaning pipelines that rely on standard character class semantics. For example, a command executed to delete all graphical characters while intending to preserve whitespace will incorrectly delete all ASCII spaces, potentially resulting in data corruption or logic failures in downstream processing."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153: Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684: Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-22T16:09:17.114Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "issue-tracking",
            "patch"
          ],
          "url": "https://github.com/uutils/coreutils/pull/11405"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/uutils/coreutils/releases/tag/0.8.0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2026-35379",
    "datePublished": "2026-04-22T16:09:17.114Z",
    "dateReserved": "2026-04-02T12:58:56.089Z",
    "dateUpdated": "2026-04-22T16:59:11.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34478 (GCVE-0-2026-34478)

Vulnerability from cvelistv5 – Published: 2026-04-10 15:40 – Updated: 2026-04-10 17:50
VLAI
Title
Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility
Summary
Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly: * The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output. * The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping. Users of the SyslogAppender are not affected, as its configuration attributes were not modified. Users are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
  • CWE-117 - Improper Output Neutralization for Logs
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Log4j Core Affected: 2.21.0 , < 2.25.4 (maven)
Affected: 3.0.0-beta1 , ≤ 3.0.0-beta3 (maven)
    cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Samuli Leinonen
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-10T16:18:17.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/10/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34478",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T17:48:27.852992Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T17:50:12.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "cpes": [
            "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.apache.logging.log4j:log4j-core",
          "packageURL": "pkg:maven/org.apache.logging.log4j/log4j-core",
          "product": "Apache Log4j Core",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.25.4",
              "status": "affected",
              "version": "2.21.0",
              "versionType": "maven"
            },
            {
              "lessThanOrEqual": "3.0.0-beta3",
              "status": "affected",
              "version": "3.0.0-beta1",
              "versionType": "maven"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Samuli Leinonen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eApache Log4j Core\u0027s \u003ccode\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout\"\u003eRfc5424Layout\u003c/a\u003e\u003c/code\u003e, in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\u003c/p\u003e\u003cp\u003eTwo distinct issues affect users of stream-based syslog services who configure \u003ccode\u003eRfc5424Layout\u003c/code\u003e directly:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe \u003ccode\u003enewLineEscape\u003c/code\u003e attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\u003c/li\u003e\u003cli\u003eThe \u003ccode\u003euseTlsMessageFormat\u003c/code\u003e attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eUsers of the \u003ccode\u003eSyslogAppender\u003c/code\u003e are not affected, as its configuration attributes were not modified.\u003c/p\u003e\u003cp\u003eUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue.\u003c/p\u003e"
            }
          ],
          "value": "Apache Log4j Core\u0027s  Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes.\n\nTwo distinct issues affect users of stream-based syslog services who configure Rfc5424Layout directly:\n\n  *  The newLineEscape attribute was silently renamed, causing newline escaping to stop working for users of TCP framing (RFC 6587), exposing them to CRLF injection in log output.\n  *  The useTlsMessageFormat attribute was silently renamed, causing users of TLS framing (RFC 5425) to be silently downgraded to unframed TCP (RFC 6587), without newline escaping.\n\n\nUsers of the SyslogAppender are not affected, as its configuration attributes were not modified.\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "CWE-117 Improper Output Neutralization for Logs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-10T15:40:17.713Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/logging-log4j2/pull/4074"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://logging.apache.org/security.html#CVE-2026-34478"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://logging.apache.org/cyclonedx/vdr.xml"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/3k1clr2l6vkdnl4cbhjrnt1nyjvb5gwt"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-25T12:58:00.000Z",
          "value": "Vulnerability reported by Samuli Leinonen"
        },
        {
          "lang": "en",
          "time": "2026-03-10T16:00:00.000Z",
          "value": "Candidate patch shared internally by Piotr P. Karwasz"
        },
        {
          "lang": "en",
          "time": "2026-03-24T18:41:00.000Z",
          "value": "Fix shared publicly by Piotr P. Karwasz as pull request #4074"
        },
        {
          "lang": "en",
          "time": "2026-03-25T11:02:00.000Z",
          "value": "Fix verified by reporter"
        },
        {
          "lang": "en",
          "time": "2026-03-28T11:19:00.000Z",
          "value": "Log4j 2.25.4 released"
        }
      ],
      "title": "Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-34478",
    "datePublished": "2026-04-10T15:40:17.713Z",
    "dateReserved": "2026-03-28T13:17:35.586Z",
    "dateUpdated": "2026-04-10T17:50:12.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-30791 (GCVE-0-2026-30791)

Vulnerability from cvelistv5 – Published: 2026-03-05 14:47 – Updated: 2026-03-06 18:16
VLAI
Title
RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://rustdesk.com/docs/en/client/ technical-descriptionx_--config documentation
https://docs.google.com/document/d/e/2PACX-1vSds6… third-party-advisoryexploit
https://www.vulsec.org/ vdb-entrythird-party-advisory
Impacted products
Vendor Product Version
rustdesk-client RustDesk Client Affected: 0 , ≤ 1.4.5 (custom)
Create a notification for this product.
Date Public
2026-03-05 13:45
Credits
Erez Kalman Erez Kalman
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-30791",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T18:16:06.560937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:16:16.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/rustdesk/rustdesk/releases",
          "defaultStatus": "affected",
          "modules": [
            "Config import",
            "URI scheme handler",
            "CLI --config"
          ],
          "packageName": "rustdesk-client",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux",
            "iOS",
            "Android",
            "WebClient"
          ],
          "product": "RustDesk Client",
          "programFiles": [
            "flutter/lib/common.dart",
            "hbb_common/src/config.rs"
          ],
          "programRoutines": [
            {
              "name": "parseRustdeskUri()"
            },
            {
              "name": "importConfig()"
            }
          ],
          "repo": "https://github.com/rustdesk/rustdesk,https://github.com/rustdesk/hbb_common",
          "vendor": "rustdesk-client",
          "versions": [
            {
              "lessThanOrEqual": "1.4.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Default \u2014 any deployment using \"Encrypted Config\" strings\u003cbr\u003e"
            }
          ],
          "value": "Default \u2014 any deployment using \"Encrypted Config\" strings"
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:windows:*:*:*:*:*",
                  "versionEndIncluding": "1.4.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:macos:*:*:*:*:*",
                  "versionEndIncluding": "1.4.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "1.4.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:ios:*:*:*:*:*",
                  "versionEndIncluding": "1.4.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:android:*:*:*:*:*",
                  "versionEndIncluding": "1.4.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-client:rustdesk_client:*:*:webclient:*:*:*:*:*",
                  "versionEndIncluding": "1.4.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Erez Kalman"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Erez Kalman"
        }
      ],
      "datePublic": "2026-03-05T13:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003eflutter/lib/common.Dart\u003c/tt\u003e, \u003ctt\u003ehbb_common/src/config.Rs\u003c/tt\u003e and program routines \u003ctt\u003eparseRustdeskUri()\u003c/tt\u003e, \u003ctt\u003eimportConfig()\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects RustDesk Client: through 1.4.5.\u003c/p\u003e"
            }
          ],
          "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig().\n\nThis issue affects RustDesk Client: through 1.4.5."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "PoC available. Trivially exploitable.\u003cbr\u003e"
            }
          ],
          "value": "PoC available. Trivially exploitable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T16:38:34.973Z",
        "orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
        "shortName": "VULSec"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "x_--config documentation"
          ],
          "url": "https://rustdesk.com/docs/en/client/"
        },
        {
          "tags": [
            "third-party-advisory",
            "exploit"
          ],
          "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
        },
        {
          "tags": [
            "vdb-entry",
            "third-party-advisory"
          ],
          "url": "https://www.vulsec.org/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Implement AES-256-GCM AEAD or equivalent authenticated encryption\u003cbr\u003e"
            }
          ],
          "value": "Implement AES-256-GCM AEAD or equivalent authenticated encryption"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RustDesk Client Accepts Pseudo-Encrypted Config Strings Without Cryptographic Validation",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Treat config strings as public; restrict distribution to trusted channels only\u003cbr\u003e"
            }
          ],
          "value": "Treat config strings as public; restrict distribution to trusted channels only"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
    "assignerShortName": "VULSec",
    "cveId": "CVE-2026-30791",
    "datePublished": "2026-03-05T14:47:56.960Z",
    "dateReserved": "2026-03-05T14:13:37.203Z",
    "dateUpdated": "2026-03-06T18:16:16.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3598 (GCVE-0-2026-3598)

Vulnerability from cvelistv5 – Published: 2026-03-05 14:14 – Updated: 2026-03-06 18:18
VLAI
Title
RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Instead of Encryption
Summary
Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routines Config export/generation routines. This issue affects RustDesk Server Pro: through 1.7.5.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://rustdesk.com/docs/en/client/ technical-descriptionx_--config documentation
https://docs.google.com/document/d/e/2PACX-1vSds6… third-party-advisoryexploit
https://www.vulsec.org/ vdb-entrythird-party-advisory
Impacted products
Vendor Product Version
rustdesk-server-pro RustDesk Server Pro Affected: 0 , ≤ 1.7.5 (custom)
Create a notification for this product.
Date Public
2026-03-05 13:45
Credits
Erez Kalman Erez Kalman
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3598",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-06T18:18:09.054262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-06T18:18:16.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/rustdesk/rustdesk-server-pro/releases",
          "defaultStatus": "affected",
          "modules": [
            "Config string generation",
            "web console export"
          ],
          "packageName": "rustdesk-server-pro",
          "platforms": [
            "Windows",
            "MacOS",
            "Linux"
          ],
          "product": "RustDesk Server Pro",
          "programRoutines": [
            {
              "name": "Config export/generation routines"
            }
          ],
          "vendor": "rustdesk-server-pro",
          "versions": [
            {
              "changes": [
                {
                  "at": "Server Pro",
                  "status": "affected"
                }
              ],
              "lessThanOrEqual": "1.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Default \u2014 any deployment using \"Encrypted Config\" strings\u003cbr\u003e"
            }
          ],
          "value": "Default \u2014 any deployment using \"Encrypted Config\" strings"
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:rustdesk-server-pro:rustdesk_server_pro:*:*:windows:*:*:*:*:*",
                  "versionEndIncluding": "1.7.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-server-pro:rustdesk_server_pro:*:*:macos:*:*:*:*:*",
                  "versionEndIncluding": "1.7.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:rustdesk-server-pro:rustdesk_server_pro:*:*:linux:*:*:*:*:*",
                  "versionEndIncluding": "1.7.5",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Erez Kalman"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Erez Kalman"
        }
      ],
      "datePublic": "2026-03-05T13:45:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export modules) allows Retrieve Embedded Sensitive Data.\u003cp\u003e This vulnerability is associated with program routines \u003ctt\u003eConfig export/generation routines\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects RustDesk Server Pro: through 1.7.5.\u003c/p\u003e"
            }
          ],
          "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routines Config export/generation routines.\n\nThis issue affects RustDesk Server Pro: through 1.7.5."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "PoC available. Trivially exploitable.\u003cbr\u003e"
            }
          ],
          "value": "PoC available. Trivially exploitable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-37",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-37 Retrieve Embedded Sensitive Data"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T16:34:14.352Z",
        "orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
        "shortName": "VULSec"
      },
      "references": [
        {
          "tags": [
            "technical-description",
            "x_--config documentation"
          ],
          "url": "https://rustdesk.com/docs/en/client/"
        },
        {
          "tags": [
            "third-party-advisory",
            "exploit"
          ],
          "url": "https://docs.google.com/document/d/e/2PACX-1vSds6jjpd38oO_yIAyd1HYtKNUuea-I-ozAPpGhYI7QgAU-QGJ7D8a4rOZVj1vmiUXV1EcdRHf9aZAW/pub"
        },
        {
          "tags": [
            "vdb-entry",
            "third-party-advisory"
          ],
          "url": "https://www.vulsec.org/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Implement AES-256-GCM AEAD or equivalent authenticated encryption\u003cbr\u003e"
            }
          ],
          "value": "Implement AES-256-GCM AEAD or equivalent authenticated encryption"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RustDesk Server Generates Config Strings Using Reversible Encoding (Base64 + Reverse) Instead of Encryption",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Treat config strings as public; restrict distribution to trusted channels only\u003cbr\u003e"
            }
          ],
          "value": "Treat config strings as public; restrict distribution to trusted channels only"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
    "assignerShortName": "VULSec",
    "cveId": "CVE-2026-3598",
    "datePublished": "2026-03-05T14:14:11.125Z",
    "dateReserved": "2026-03-05T13:26:50.447Z",
    "dateUpdated": "2026-03-06T18:18:16.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66384 (GCVE-0-2025-66384)

Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:23
VLAI
Summary
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-684 - Incorrect Provision of Specified Functionality
Assigner
Impacted products
Vendor Product Version
MISP MISP Affected: 0 , < 2.5.24 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-28T15:23:40.777415Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-28T15:23:46.656Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MISP",
          "vendor": "MISP",
          "versions": [
            {
              "lessThan": "2.5.24",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.5.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-684",
              "description": "CWE-684 Incorrect Provision of Specified Functionality",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-28T06:52:41.226Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/misp/misp/commit/6867f0d3157a1959154bdad9ddac009dec6a19f5"
        },
        {
          "url": "https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-66384",
    "datePublished": "2025-11-28T00:00:00.000Z",
    "dateReserved": "2025-11-28T00:00:00.000Z",
    "dateUpdated": "2025-11-28T15:23:46.656Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Ensure that your code strictly conforms to specifications.

No CAPEC attack patterns related to this CWE.