Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32952 (GCVE-0-2026-32952)
Vulnerability from cvelistv5 – Published: 2026-04-24 01:46 – Updated: 2026-04-24 16:29- CWE-190 - Integer Overflow or Wraparound
| URL | Tags |
|---|---|
| https://github.com/Azure/go-ntlmssp/security/advi… | x_refsource_CONFIRM |
| https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Azure | go-ntlmssp |
Affected:
< 0.1.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-32952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T16:29:17.449582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T16:29:28.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "go-ntlmssp",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T01:46:31.573Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj"
},
{
"name": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1"
}
],
"source": {
"advisory": "GHSA-pjcq-xvwq-hhpj",
"discovery": "UNKNOWN"
},
"title": "go-ntlmssp NTLM challenges can panic on malformed payloads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-32952",
"datePublished": "2026-04-24T01:46:31.573Z",
"dateReserved": "2026-03-17T00:05:53.285Z",
"dateUpdated": "2026-04-24T16:29:28.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32952",
"date": "2026-07-14",
"epss": "0.01027",
"percentile": "0.59601"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32952\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-24T03:16:07.833\",\"lastModified\":\"2026-06-17T10:36:37.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"Azure\",\"product\":\"go-ntlmssp\",\"versions\":[{\"version\":\"\u003c 0.1.1\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-24T16:29:17.449582Z\",\"id\":\"CVE-2026-32952\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:go-ntlmssp:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.1.1\",\"matchCriteriaId\":\"DD9C4411-621B-4714-A17D-76CF7D65BF49\"}]}]}],\"references\":[{\"url\":\"https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-02T15:23:55+00:00",
"cve": "CVE-2026-32952",
"id": "CVE-2026-32952",
"initial_release_date": "2026-04-24T01:46:31.573000+00:00",
"product_status:known_not_affected": "15",
"product_status:under_investigation": "122",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32952.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32952\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-24T16:29:17.449582Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-24T16:29:24.621Z\"}}], \"cna\": {\"title\": \"go-ntlmssp NTLM challenges can panic on malformed payloads\", \"source\": {\"advisory\": \"GHSA-pjcq-xvwq-hhpj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Azure\", \"product\": \"go-ntlmssp\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.1.1\"}]}], \"references\": [{\"url\": \"https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj\", \"name\": \"https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1\", \"name\": \"https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-24T01:46:31.573Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32952\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-24T16:29:28.264Z\", \"dateReserved\": \"2026-03-17T00:05:53.285Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-24T01:46:31.573Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-yp16651
Vulnerability from cleanstart
Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "rclone"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.73.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the rclone package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-YP16651",
"modified": "2026-05-12T18:03:17Z",
"published": "2026-05-18T13:23:52.532633Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YP16651.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22869"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22872"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47911"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47913"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh2q-q3fh-2475"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mqgf-5vvp-8fh8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xmrv-pmrh-hhx2"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22872"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-22868, CVE-2025-22869, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2025-68121, CVE-2026-1229, CVE-2026-29181, CVE-2026-32280, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475, ghsa-mqgf-5vvp-8fh8, ghsa-pjcq-xvwq-hhpj, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.69.0-r0, 1.69.0-r1, 1.69.0-r2, 1.72.1-r1, 1.73.1-r0",
"upstream": [
"CVE-2025-22868",
"CVE-2025-22869",
"CVE-2025-22872",
"CVE-2025-47911",
"CVE-2025-47913",
"CVE-2025-47914",
"CVE-2025-58181",
"CVE-2025-58190",
"CVE-2025-68121",
"CVE-2026-1229",
"CVE-2026-29181",
"CVE-2026-32280",
"CVE-2026-32952",
"CVE-2026-33186",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-mh2q-q3fh-2475",
"ghsa-mqgf-5vvp-8fh8",
"ghsa-pjcq-xvwq-hhpj",
"ghsa-xmrv-pmrh-hhx2"
]
}
cleanstart-2026-yq25288
Vulnerability from cleanstart
Multiple security vulnerabilities affect the kyverno package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kyverno"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.2-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kyverno package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-YQ25288",
"modified": "2026-05-04T13:59:13Z",
"published": "2026-05-18T13:45:44.160031Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YQ25288.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39984"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39984"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-32952, CVE-2026-39984 applied in versions: 1.15.2-r0, 1.16.0-r0, 1.17.2-r0",
"upstream": [
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2025-61729",
"CVE-2026-32952",
"CVE-2026-39984"
]
}
cleanstart-2026-yz90223
Vulnerability from cleanstart
Multiple security vulnerabilities affect the gitlab-runner package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "gitlab-runner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.11.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the gitlab-runner package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-YZ90223",
"modified": "2026-05-02T08:19:23Z",
"published": "2026-05-18T13:53:28.134186Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YZ90223.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34040"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34165"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35469"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39883"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3xc5-wrhm-f963"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6g7g-w4f8-9c9x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gm2x-2g9h-ccm8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jhf3-xxhw-2wpp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pc3f-x583-g7j2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xmrv-pmrh-hhx2"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34165"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35469"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-27141, CVE-2026-32285, CVE-2026-32952, CVE-2026-33186, CVE-2026-33762, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-35469, CVE-2026-39883, ghsa-3xc5-wrhm-f963, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-jhf3-xxhw-2wpp, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2, ghsa-pjcq-xvwq-hhpj, ghsa-xmrv-pmrh-hhx2 applied in versions: 18.11.1-r0",
"upstream": [
"CVE-2026-27141",
"CVE-2026-32285",
"CVE-2026-32952",
"CVE-2026-33186",
"CVE-2026-33762",
"CVE-2026-34040",
"CVE-2026-34165",
"CVE-2026-34986",
"CVE-2026-35469",
"CVE-2026-39883",
"ghsa-3xc5-wrhm-f963",
"ghsa-6g7g-w4f8-9c9x",
"ghsa-78h2-9frx-2jm8",
"ghsa-gm2x-2g9h-ccm8",
"ghsa-hfvc-g4fc-pqhx",
"ghsa-jhf3-xxhw-2wpp",
"ghsa-p77j-4mvh-x3m3",
"ghsa-pc3f-x583-g7j2",
"ghsa-pjcq-xvwq-hhpj",
"ghsa-xmrv-pmrh-hhx2"
]
}
cleanstart-2026-zf00349
Vulnerability from cleanstart
Multiple security vulnerabilities affect the vault package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "vault"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.21.4-r5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the vault package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZF00349",
"modified": "2026-06-02T09:26:52Z",
"published": "2026-07-13T08:01:51.413180Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZF00349.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25680"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27136"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32288"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34040"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39821"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39828"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39829"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39830"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39831"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39832"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39833"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39835"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39883"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41889"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42502"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42506"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42508"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-44503"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-46595"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-46597"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-46598"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7j59-v9qr-6fq9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j88v-2chj-qfwx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wf45-q9ch-q8gh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xmrv-pmrh-hhx2"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25680"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27136"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39831"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39833"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41889"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42502"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42506"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44503"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46595"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46598"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34040, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-41602, CVE-2026-41889, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-44503, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-7j59-v9qr-6fq9, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.21.4-r0, 1.21.4-r1, 1.21.4-r2, 1.21.4-r3, 1.21.4-r4, 1.21.4-r5",
"upstream": [
"CVE-2026-25680",
"CVE-2026-25681",
"CVE-2026-27136",
"CVE-2026-32280",
"CVE-2026-32281",
"CVE-2026-32282",
"CVE-2026-32283",
"CVE-2026-32288",
"CVE-2026-32289",
"CVE-2026-32952",
"CVE-2026-33186",
"CVE-2026-33810",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-33816",
"CVE-2026-34040",
"CVE-2026-34986",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39821",
"CVE-2026-39823",
"CVE-2026-39824",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39827",
"CVE-2026-39828",
"CVE-2026-39829",
"CVE-2026-39830",
"CVE-2026-39831",
"CVE-2026-39832",
"CVE-2026-39833",
"CVE-2026-39834",
"CVE-2026-39835",
"CVE-2026-39836",
"CVE-2026-39883",
"CVE-2026-41602",
"CVE-2026-41889",
"CVE-2026-42499",
"CVE-2026-42501",
"CVE-2026-42502",
"CVE-2026-42506",
"CVE-2026-42508",
"CVE-2026-44503",
"CVE-2026-46595",
"CVE-2026-46597",
"CVE-2026-46598",
"ghsa-7j59-v9qr-6fq9",
"ghsa-j88v-2chj-qfwx",
"ghsa-p77j-4mvh-x3m3",
"ghsa-pjcq-xvwq-hhpj",
"ghsa-wf45-q9ch-q8gh",
"ghsa-xmrv-pmrh-hhx2"
]
}
cleanstart-2026-zu61086
Vulnerability from cleanstart
Multiple security vulnerabilities affect the external-secrets-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "external-secrets-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the external-secrets-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZU61086",
"modified": "2026-05-06T14:35:30Z",
"published": "2026-05-18T13:37:09.923477Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZU61086.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32952"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh2q-q3fh-2475"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pjcq-xvwq-hhpj"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-32952, ghsa-mh2q-q3fh-2475, ghsa-pjcq-xvwq-hhpj applied in versions: 2.4.1-r0",
"upstream": [
"CVE-2026-32952",
"ghsa-mh2q-q3fh-2475",
"ghsa-pjcq-xvwq-hhpj"
]
}
FKIE_CVE-2026-32952
Vulnerability from fkie_nvd - Published: 2026-04-24 03:16 - Updated: 2026-06-17 10:367.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | go-ntlmssp | * |
{
"affected": [
{
"affectedData": [
{
"product": "go-ntlmssp",
"vendor": "Azure",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.1"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:go-ntlmssp:*:*:*:*:*:go:*:*",
"matchCriteriaId": "DD9C4411-621B-4714-A17D-76CF7D65BF49",
"versionEndExcluding": "0.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue."
}
],
"id": "CVE-2026-32952",
"lastModified": "2026-06-17T10:36:37.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-32952",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T16:29:17.449582Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-04-24T03:16:07.833",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-PJCQ-XVWQ-HHPJ
Vulnerability from github – Published: 2026-04-23 21:21 – Updated: 2026-04-27 16:35go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/Azure/go-ntlmssp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32952"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-23T21:21:58Z",
"nvd_published_at": "2026-04-24T03:16:07Z",
"severity": "MODERATE"
},
"details": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.",
"id": "GHSA-pjcq-xvwq-hhpj",
"modified": "2026-04-27T16:35:38Z",
"published": "2026-04-23T21:21:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32952"
},
{
"type": "PACKAGE",
"url": "https://github.com/Azure/go-ntlmssp"
},
{
"type": "WEB",
"url": "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "go-ntlmssp NTLM challenges can panic on malformed payloads"
}
OPENSUSE-SU-2026:10672-1
Vulnerability from csaf_opensuse - Published: 2026-05-04 00:00 - Updated: 2026-05-04 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cmctl-2.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-2.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-2.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-2.5.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cmctl-2.5.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cmctl-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10672",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10672-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-32952 page",
"url": "https://www.suse.com/security/cve/CVE-2026-32952/"
}
],
"title": "cmctl-2.5.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-04T00:00:00Z",
"generator": {
"date": "2026-05-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10672-1",
"initial_release_date": "2026-05-04T00:00:00Z",
"revision_history": [
{
"date": "2026-05-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cmctl-2.5.0-1.1.aarch64",
"product": {
"name": "cmctl-2.5.0-1.1.aarch64",
"product_id": "cmctl-2.5.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cmctl-bash-completion-2.5.0-1.1.aarch64",
"product": {
"name": "cmctl-bash-completion-2.5.0-1.1.aarch64",
"product_id": "cmctl-bash-completion-2.5.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cmctl-fish-completion-2.5.0-1.1.aarch64",
"product": {
"name": "cmctl-fish-completion-2.5.0-1.1.aarch64",
"product_id": "cmctl-fish-completion-2.5.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cmctl-zsh-completion-2.5.0-1.1.aarch64",
"product": {
"name": "cmctl-zsh-completion-2.5.0-1.1.aarch64",
"product_id": "cmctl-zsh-completion-2.5.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cmctl-2.5.0-1.1.ppc64le",
"product": {
"name": "cmctl-2.5.0-1.1.ppc64le",
"product_id": "cmctl-2.5.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cmctl-bash-completion-2.5.0-1.1.ppc64le",
"product": {
"name": "cmctl-bash-completion-2.5.0-1.1.ppc64le",
"product_id": "cmctl-bash-completion-2.5.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cmctl-fish-completion-2.5.0-1.1.ppc64le",
"product": {
"name": "cmctl-fish-completion-2.5.0-1.1.ppc64le",
"product_id": "cmctl-fish-completion-2.5.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cmctl-zsh-completion-2.5.0-1.1.ppc64le",
"product": {
"name": "cmctl-zsh-completion-2.5.0-1.1.ppc64le",
"product_id": "cmctl-zsh-completion-2.5.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cmctl-2.5.0-1.1.s390x",
"product": {
"name": "cmctl-2.5.0-1.1.s390x",
"product_id": "cmctl-2.5.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cmctl-bash-completion-2.5.0-1.1.s390x",
"product": {
"name": "cmctl-bash-completion-2.5.0-1.1.s390x",
"product_id": "cmctl-bash-completion-2.5.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cmctl-fish-completion-2.5.0-1.1.s390x",
"product": {
"name": "cmctl-fish-completion-2.5.0-1.1.s390x",
"product_id": "cmctl-fish-completion-2.5.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cmctl-zsh-completion-2.5.0-1.1.s390x",
"product": {
"name": "cmctl-zsh-completion-2.5.0-1.1.s390x",
"product_id": "cmctl-zsh-completion-2.5.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cmctl-2.5.0-1.1.x86_64",
"product": {
"name": "cmctl-2.5.0-1.1.x86_64",
"product_id": "cmctl-2.5.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cmctl-bash-completion-2.5.0-1.1.x86_64",
"product": {
"name": "cmctl-bash-completion-2.5.0-1.1.x86_64",
"product_id": "cmctl-bash-completion-2.5.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cmctl-fish-completion-2.5.0-1.1.x86_64",
"product": {
"name": "cmctl-fish-completion-2.5.0-1.1.x86_64",
"product_id": "cmctl-fish-completion-2.5.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cmctl-zsh-completion-2.5.0-1.1.x86_64",
"product": {
"name": "cmctl-zsh-completion-2.5.0-1.1.x86_64",
"product_id": "cmctl-zsh-completion-2.5.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-2.5.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-2.5.0-1.1.aarch64"
},
"product_reference": "cmctl-2.5.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-2.5.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-2.5.0-1.1.ppc64le"
},
"product_reference": "cmctl-2.5.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-2.5.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-2.5.0-1.1.s390x"
},
"product_reference": "cmctl-2.5.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-2.5.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-2.5.0-1.1.x86_64"
},
"product_reference": "cmctl-2.5.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-bash-completion-2.5.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.aarch64"
},
"product_reference": "cmctl-bash-completion-2.5.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-bash-completion-2.5.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.ppc64le"
},
"product_reference": "cmctl-bash-completion-2.5.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-bash-completion-2.5.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.s390x"
},
"product_reference": "cmctl-bash-completion-2.5.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-bash-completion-2.5.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.x86_64"
},
"product_reference": "cmctl-bash-completion-2.5.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-fish-completion-2.5.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.aarch64"
},
"product_reference": "cmctl-fish-completion-2.5.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-fish-completion-2.5.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.ppc64le"
},
"product_reference": "cmctl-fish-completion-2.5.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-fish-completion-2.5.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.s390x"
},
"product_reference": "cmctl-fish-completion-2.5.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-fish-completion-2.5.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.x86_64"
},
"product_reference": "cmctl-fish-completion-2.5.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-zsh-completion-2.5.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.aarch64"
},
"product_reference": "cmctl-zsh-completion-2.5.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-zsh-completion-2.5.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.ppc64le"
},
"product_reference": "cmctl-zsh-completion-2.5.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-zsh-completion-2.5.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.s390x"
},
"product_reference": "cmctl-zsh-completion-2.5.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cmctl-zsh-completion-2.5.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.x86_64"
},
"product_reference": "cmctl-zsh-completion-2.5.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-32952"
}
],
"notes": [
{
"category": "general",
"text": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.x86_64",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.x86_64",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.x86_64",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-32952",
"url": "https://www.suse.com/security/cve/CVE-2026-32952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-2.5.0-1.1.x86_64",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-bash-completion-2.5.0-1.1.x86_64",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-fish-completion-2.5.0-1.1.x86_64",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.aarch64",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.s390x",
"openSUSE Tumbleweed:cmctl-zsh-completion-2.5.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-32952"
}
]
}
OPENSUSE-SU-2026:10682-1
Vulnerability from csaf_opensuse - Published: 2026-05-04 00:00 - Updated: 2026-05-04 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2026-32952/ | self |
| https://www.suse.com/security/cve/CVE-2026-33813/ | self |
| https://www.suse.com/security/cve/CVE-2026-32952 | external |
| https://www.suse.com/security/cve/CVE-2026-33813 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rclone-1.74.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rclone-1.74.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10682",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10682-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-32952 page",
"url": "https://www.suse.com/security/cve/CVE-2026-32952/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33813 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33813/"
}
],
"title": "rclone-1.74.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-04T00:00:00Z",
"generator": {
"date": "2026-05-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10682-1",
"initial_release_date": "2026-05-04T00:00:00Z",
"revision_history": [
{
"date": "2026-05-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.0-1.1.aarch64",
"product": {
"name": "rclone-1.74.0-1.1.aarch64",
"product_id": "rclone-1.74.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.0-1.1.aarch64",
"product": {
"name": "rclone-bash-completion-1.74.0-1.1.aarch64",
"product_id": "rclone-bash-completion-1.74.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.0-1.1.aarch64",
"product": {
"name": "rclone-zsh-completion-1.74.0-1.1.aarch64",
"product_id": "rclone-zsh-completion-1.74.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.0-1.1.ppc64le",
"product": {
"name": "rclone-1.74.0-1.1.ppc64le",
"product_id": "rclone-1.74.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.0-1.1.ppc64le",
"product": {
"name": "rclone-bash-completion-1.74.0-1.1.ppc64le",
"product_id": "rclone-bash-completion-1.74.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.0-1.1.ppc64le",
"product": {
"name": "rclone-zsh-completion-1.74.0-1.1.ppc64le",
"product_id": "rclone-zsh-completion-1.74.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.0-1.1.s390x",
"product": {
"name": "rclone-1.74.0-1.1.s390x",
"product_id": "rclone-1.74.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.0-1.1.s390x",
"product": {
"name": "rclone-bash-completion-1.74.0-1.1.s390x",
"product_id": "rclone-bash-completion-1.74.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.0-1.1.s390x",
"product": {
"name": "rclone-zsh-completion-1.74.0-1.1.s390x",
"product_id": "rclone-zsh-completion-1.74.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rclone-1.74.0-1.1.x86_64",
"product": {
"name": "rclone-1.74.0-1.1.x86_64",
"product_id": "rclone-1.74.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-bash-completion-1.74.0-1.1.x86_64",
"product": {
"name": "rclone-bash-completion-1.74.0-1.1.x86_64",
"product_id": "rclone-bash-completion-1.74.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rclone-zsh-completion-1.74.0-1.1.x86_64",
"product": {
"name": "rclone-zsh-completion-1.74.0-1.1.x86_64",
"product_id": "rclone-zsh-completion-1.74.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64"
},
"product_reference": "rclone-1.74.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le"
},
"product_reference": "rclone-1.74.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x"
},
"product_reference": "rclone-1.74.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-1.74.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64"
},
"product_reference": "rclone-1.74.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64"
},
"product_reference": "rclone-bash-completion-1.74.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le"
},
"product_reference": "rclone-bash-completion-1.74.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x"
},
"product_reference": "rclone-bash-completion-1.74.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-bash-completion-1.74.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64"
},
"product_reference": "rclone-bash-completion-1.74.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64"
},
"product_reference": "rclone-zsh-completion-1.74.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le"
},
"product_reference": "rclone-zsh-completion-1.74.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x"
},
"product_reference": "rclone-zsh-completion-1.74.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rclone-zsh-completion-1.74.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64"
},
"product_reference": "rclone-zsh-completion-1.74.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32952",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-32952"
}
],
"notes": [
{
"category": "general",
"text": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-32952",
"url": "https://www.suse.com/security/cve/CVE-2026-32952"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-32952"
},
{
"cve": "CVE-2026-33813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33813"
}
],
"notes": [
{
"category": "general",
"text": "Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33813",
"url": "https://www.suse.com/security/cve/CVE-2026-33813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rclone-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-bash-completion-1.74.0-1.1.x86_64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.aarch64",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.ppc64le",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.s390x",
"openSUSE Tumbleweed:rclone-zsh-completion-1.74.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-04T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33813"
}
]
}
ubuntu-cve-2026-32952
Vulnerability from osv_ubuntu
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-azure-go-ntlmssp-dev",
"binary_version": "0.0~git20170206.0.29affce-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "golang-github-azure-go-ntlmssp",
"purl": "pkg:deb/ubuntu/golang-github-azure-go-ntlmssp@0.0~git20170206.0.29affce-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0~git20170206.0.29affce-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-azure-go-ntlmssp-dev",
"binary_version": "0.0~git20170206.0.29affce-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "golang-github-azure-go-ntlmssp",
"purl": "pkg:deb/ubuntu/golang-github-azure-go-ntlmssp@0.0~git20170206.0.29affce-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0~git20170206.0.29affce-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-azure-go-ntlmssp-dev",
"binary_version": "0.0~git20200615.6637195-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "golang-github-azure-go-ntlmssp",
"purl": "pkg:deb/ubuntu/golang-github-azure-go-ntlmssp@0.0~git20200615.6637195-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0~git20200615.6637195-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-azure-go-ntlmssp-dev",
"binary_version": "0.0~git20220621.cb9428e-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "golang-github-azure-go-ntlmssp",
"purl": "pkg:deb/ubuntu/golang-github-azure-go-ntlmssp@0.0~git20220621.cb9428e-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0~git20220621.cb9428e-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-azure-go-ntlmssp-dev",
"binary_version": "0.0~git20220621.cb9428e-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "golang-github-azure-go-ntlmssp",
"purl": "pkg:deb/ubuntu/golang-github-azure-go-ntlmssp@0.0~git20220621.cb9428e-1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0~git20220621.cb9428e-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "golang-github-azure-go-ntlmssp-dev",
"binary_version": "0.0~git20220621.cb9428e-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "golang-github-azure-go-ntlmssp",
"purl": "pkg:deb/ubuntu/golang-github-azure-go-ntlmssp@0.0~git20220621.cb9428e-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0~git20220621.cb9428e-1"
]
}
],
"aliases": [],
"details": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.",
"id": "UBUNTU-CVE-2026-32952",
"modified": "2026-05-25T09:18:21Z",
"published": "2026-04-24T03:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-32952"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32952"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-32952"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.