Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-40347 (GCVE-0-2026-40347)
Vulnerability from cvelistv5 – Published: 2026-04-17 23:56 – Updated: 2026-04-20 15:46
VLAI
EPSS
Title
Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data
Summary
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Kludex/python-multipart/securi… | x_refsource_CONFIRM |
| https://github.com/Kludex/python-multipart/releas… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Kludex | python-multipart |
Affected:
< 0.0.26
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T15:46:36.258461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T15:46:40.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python-multipart",
"vendor": "Kludex",
"versions": [
{
"status": "affected",
"version": "\u003c 0.0.26"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T23:56:50.777Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj"
},
{
"name": "https://github.com/Kludex/python-multipart/releases/tag/0.0.26",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Kludex/python-multipart/releases/tag/0.0.26"
}
],
"source": {
"advisory": "GHSA-mj87-hwqh-73pj",
"discovery": "UNKNOWN"
},
"title": "Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40347",
"datePublished": "2026-04-17T23:56:50.777Z",
"dateReserved": "2026-04-10T22:50:01.358Z",
"dateUpdated": "2026-04-20T15:46:40.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-40347",
"date": "2026-06-10",
"epss": "0.00022",
"percentile": "0.06285"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-40347\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-18T00:16:38.520\",\"lastModified\":\"2026-04-24T16:51:19.917\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-834\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fastapiexpert:python-multipart:*:*:*:*:*:python:*:*\",\"versionEndExcluding\":\"0.0.26\",\"matchCriteriaId\":\"74822284-E6D0-44D0-BED4-8D925B664EE0\"}]}]}],\"references\":[{\"url\":\"https://github.com/Kludex/python-multipart/releases/tag/0.0.26\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40347\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-20T15:46:36.258461Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-20T15:46:27.078Z\"}}], \"cna\": {\"title\": \"Python-Multipart affected by Denial of Service via large multipart preamble or epilogue data\", \"source\": {\"advisory\": \"GHSA-mj87-hwqh-73pj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Kludex\", \"product\": \"python-multipart\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.0.26\"}]}], \"references\": [{\"url\": \"https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj\", \"name\": \"https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/Kludex/python-multipart/releases/tag/0.0.26\", \"name\": \"https://github.com/Kludex/python-multipart/releases/tag/0.0.26\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-834\", \"description\": \"CWE-834: Excessive Iteration\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-04-17T23:56:50.777Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-40347\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-20T15:46:40.011Z\", \"dateReserved\": \"2026-04-10T22:50:01.358Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-04-17T23:56:50.777Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-40347
Vulnerability from fkie_nvd - Published: 2026-04-18 00:16 - Updated: 2026-04-24 16:51
Severity
Summary
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fastapiexpert | python-multipart | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fastapiexpert:python-multipart:*:*:*:*:*:python:*:*",
"matchCriteriaId": "74822284-E6D0-44D0-BED4-8D925B664EE0",
"versionEndExcluding": "0.0.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary."
}
],
"id": "CVE-2026-40347",
"lastModified": "2026-04-24T16:51:19.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-18T00:16:38.520",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/Kludex/python-multipart/releases/tag/0.0.26"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-834"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-MJ87-HWQH-73PJ
Vulnerability from github – Published: 2026-04-15 19:45 – Updated: 2026-04-24 20:51
VLAI
Summary
python-multipart affected by Denial of Service via large multipart preamble or epilogue data
Details
Summary
A denial of service vulnerability exists when parsing crafted multipart/form-data requests with large preamble or epilogue sections.
Details
Two inefficient multipart parsing paths could be abused with attacker-controlled input.
Before the first multipart boundary, the parser handled leading CR and LF bytes inefficiently while searching for the start of the first part. After the closing boundary, the parser continued processing trailing epilogue data instead of discarding it immediately. As a result, parsing time could grow with the size of crafted data placed before the first boundary or after the closing boundary.
Impact
An attacker can send oversized malformed multipart bodies that consume excessive CPU time during request parsing, reducing request-handling capacity and delaying legitimate requests. This issue degrades availability but does not typically result in a complete denial of service for the entire application.
Mitigation
Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.
Severity
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-multipart"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.26"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40347"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-834"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-15T19:45:44Z",
"nvd_published_at": "2026-04-18T00:16:38Z",
"severity": "MODERATE"
},
"details": "### Summary\n\nA denial of service vulnerability exists when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections.\n\n### Details\n\nTwo inefficient multipart parsing paths could be abused with attacker-controlled input.\n\nBefore the first multipart boundary, the parser handled leading CR and LF bytes inefficiently while searching for the start of the first part. After the closing boundary, the parser continued processing trailing epilogue data instead of discarding it immediately. As a result, parsing time could grow with the size of crafted data placed before the first boundary or after the closing boundary.\n\n### Impact\n\nAn attacker can send oversized malformed multipart bodies that consume excessive CPU time during request parsing, reducing request-handling capacity and delaying legitimate requests. This issue degrades availability but does not typically result in a complete denial of service for the entire application.\n\n### Mitigation\n\nUpgrade to version `0.0.26` or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.",
"id": "GHSA-mj87-hwqh-73pj",
"modified": "2026-04-24T20:51:11Z",
"published": "2026-04-15T19:45:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-mj87-hwqh-73pj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40347"
},
{
"type": "PACKAGE",
"url": "https://github.com/Kludex/python-multipart"
},
{
"type": "WEB",
"url": "https://github.com/Kludex/python-multipart/releases/tag/0.0.26"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "python-multipart affected by Denial of Service via large multipart preamble or epilogue data"
}
SUSE-SU-2026:21999-1
Vulnerability from csaf_suse - Published: 2026-05-29 14:26 - Updated: 2026-05-29 14:26Summary
Security update for python-python-multipart
Severity
Important
Notes
Title of the patch: Security update for python-python-multipart
Description of the patch: This update for python-python-multipart fixes the following issues
- CVE-2026-40347: crafted `multipart/form-data` can cause a denial of service (bsc#1262403).
- CVE-2026-42561: denial of service vulnerability in multipart part header parsing (bsc#1265250).
Patchnames: SUSE-SLES-16.0-827
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-python-multipart",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-python-multipart fixes the following issues\n\n- CVE-2026-40347: crafted `multipart/form-data` can cause a denial of service (bsc#1262403).\n- CVE-2026-42561: denial of service vulnerability in multipart part header parsing (bsc#1265250).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-827",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21999-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21999-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621999-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21999-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047177.html"
},
{
"category": "self",
"summary": "SUSE Bug 1262403",
"url": "https://bugzilla.suse.com/1262403"
},
{
"category": "self",
"summary": "SUSE Bug 1265250",
"url": "https://bugzilla.suse.com/1265250"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-40347 page",
"url": "https://www.suse.com/security/cve/CVE-2026-40347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42561 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42561/"
}
],
"title": "Security update for python-python-multipart",
"tracking": {
"current_release_date": "2026-05-29T14:26:56Z",
"generator": {
"date": "2026-05-29T14:26:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21999-1",
"initial_release_date": "2026-05-29T14:26:56Z",
"revision_history": [
{
"date": "2026-05-29T14:26:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-python-multipart-0.0.20-160000.4.1.noarch",
"product": {
"name": "python313-python-multipart-0.0.20-160000.4.1.noarch",
"product_id": "python313-python-multipart-0.0.20-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-python-multipart-0.0.20-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
},
"product_reference": "python313-python-multipart-0.0.20-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-python-multipart-0.0.20-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
},
"product_reference": "python313-python-multipart-0.0.20-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-40347"
}
],
"notes": [
{
"category": "general",
"text": "Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the next boundary candidate when processing leading CR/LF data and immediately discards epilogue data after the closing boundary.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-40347",
"url": "https://www.suse.com/security/cve/CVE-2026-40347"
},
{
"category": "external",
"summary": "SUSE Bug 1262403 for CVE-2026-40347",
"url": "https://bugzilla.suse.com/1262403"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T14:26:56Z",
"details": "moderate"
}
],
"title": "CVE-2026-40347"
},
{
"cve": "CVE-2026-42561",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42561"
}
],
"notes": [
{
"category": "general",
"text": "Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the size of an individual part header. An attacker could send a request with either many repeated headers without terminating the header block or a single very large header value, causing excessive CPU work before request rejection or completion. This vulnerability is fixed in 0.0.27.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42561",
"url": "https://www.suse.com/security/cve/CVE-2026-42561"
},
{
"category": "external",
"summary": "SUSE Bug 1265250 for CVE-2026-42561",
"url": "https://bugzilla.suse.com/1265250"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-python-multipart-0.0.20-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-29T14:26:56Z",
"details": "important"
}
],
"title": "CVE-2026-42561"
}
]
}
WID-SEC-W-2026-1407
Vulnerability from csaf_certbund - Published: 2026-05-06 22:00 - Updated: 2026-06-02 22:00Summary
IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise Certified Container ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise 12.0.1.0-12.0.12.25
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25
|
12.0.1.0-12.0.12.25 | |
|
IBM App Connect Enterprise 13.0.1.0-13.0.7.1
IBM / App Connect Enterprise
|
cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1
|
13.0.1.0-13.0.7.1 | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— | |
|
IBM Sterling Connect:Direct Web Services
IBM / Sterling Connect:Direct
|
cpe:/a:ibm:sterling_connect%3adirect:web_services
|
Web Services | |
|
IBM App Connect Enterprise Certified Container Operator <12.0.23
IBM / App Connect Enterprise
|
Certified Container Operator <12.0.23 | ||
|
IBM Maximo Asset Management
IBM
|
cpe:/a:ibm:maximo_asset_management:-
|
— | |
|
IBM App Connect Enterprise Certified Container Operator <13.1.0
IBM / App Connect Enterprise
|
Certified Container Operator <13.1.0 | ||
|
Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6
|
9 Multicluster Engine for Kubernetes 2.8.6 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise Certified Container ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1407 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1407.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1407 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1407"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271907 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271907"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271908 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271908"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271910"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-85B819B928 vom 2026-05-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-85b819b928"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17123 vom 2026-05-13",
"url": "https://access.redhat.com/errata/RHSA-2026:17123"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:17449 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:17449"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273772 vom 2026-05-22",
"url": "https://www.ibm.com/support/pages/node/7273772"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274001 vom 2026-05-25",
"url": "https://www.ibm.com/support/pages/node/7274001"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274746 vom 2026-06-01",
"url": "https://www.ibm.com/support/pages/node/7274746"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274847 vom 2026-06-02",
"url": "https://www.ibm.com/support/pages/node/7274847"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise Certified Container: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-02T22:00:00.000+00:00",
"generator": {
"date": "2026-06-03T06:13:14.088+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1407",
"initial_release_date": "2026-05-06T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c13.1.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c13.1.0",
"product_id": "T053656"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 13.1.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 13.1.0",
"product_id": "T053656-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__13.1.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container Operator \u003c12.0.23",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator \u003c12.0.23",
"product_id": "T053657"
}
},
{
"category": "product_version",
"name": "Certified Container Operator 12.0.23",
"product": {
"name": "IBM App Connect Enterprise Certified Container Operator 12.0.23",
"product_id": "T053657-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container_operator__12.0.23"
}
}
},
{
"category": "product_version",
"name": "13.0.1.0-13.0.7.1",
"product": {
"name": "IBM App Connect Enterprise 13.0.1.0-13.0.7.1",
"product_id": "T054485",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.1.0_-_13.0.7.1"
}
}
},
{
"category": "product_version",
"name": "12.0.1.0-12.0.12.25",
"product": {
"name": "IBM App Connect Enterprise 12.0.1.0-12.0.12.25",
"product_id": "T054486",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.1.0_-_12.0.12.25"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM Maximo Asset Management",
"product": {
"name": "IBM Maximo Asset Management",
"product_id": "T054635",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:maximo_asset_management:-"
}
}
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Web Services",
"product": {
"name": "IBM Sterling Connect:Direct Web Services",
"product_id": "T054967",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:sterling_connect%3adirect:web_services"
}
}
}
],
"category": "product_name",
"name": "Sterling Connect:Direct"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9 Multicluster Engine for Kubernetes 2.8.6",
"product": {
"name": "Red Hat Enterprise Linux 9 Multicluster Engine for Kubernetes 2.8.6",
"product_id": "T054027",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9_multicluster_engine_for_kubernetes_2.8.6"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26013",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-26013"
},
{
"cve": "CVE-2026-27142",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-27142"
},
{
"cve": "CVE-2026-28277",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-28277"
},
{
"cve": "CVE-2026-28684",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-28684"
},
{
"cve": "CVE-2026-32288",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-32288"
},
{
"cve": "CVE-2026-33151",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33151"
},
{
"cve": "CVE-2026-33349",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33349"
},
{
"cve": "CVE-2026-33532",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33532"
},
{
"cve": "CVE-2026-33891",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33891"
},
{
"cve": "CVE-2026-33894",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33894"
},
{
"cve": "CVE-2026-33895",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33895"
},
{
"cve": "CVE-2026-33896",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33896"
},
{
"cve": "CVE-2026-33916",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-33916"
},
{
"cve": "CVE-2026-34601",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-34601"
},
{
"cve": "CVE-2026-35469",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-35469"
},
{
"cve": "CVE-2026-39406",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39406"
},
{
"cve": "CVE-2026-39407",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39407"
},
{
"cve": "CVE-2026-39408",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39408"
},
{
"cve": "CVE-2026-39409",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39409"
},
{
"cve": "CVE-2026-39410",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39410"
},
{
"cve": "CVE-2026-39983",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-39983"
},
{
"cve": "CVE-2026-40175",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-40175"
},
{
"cve": "CVE-2026-40347",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-40347"
},
{
"cve": "CVE-2026-40895",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-40895"
},
{
"cve": "CVE-2026-41238",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-41238"
},
{
"cve": "CVE-2026-41239",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-41239"
},
{
"cve": "CVE-2026-41240",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-41240"
},
{
"cve": "CVE-2026-4923",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-4923"
},
{
"cve": "CVE-2026-4926",
"product_status": {
"known_affected": [
"T054486",
"T054485",
"67646",
"T021415",
"T054967",
"T053657",
"T054635",
"T053656",
"T054027",
"74185"
]
},
"release_date": "2026-05-06T22:00:00.000+00:00",
"title": "CVE-2026-4926"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…