OpenClaw versions 2026
Description
OpenClaw versions 2026
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
OpenClaw versions 2026
OpenClaw versions 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
OpenClaw before 2026
OpenClaw before 2026
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, an...
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
manage
manage
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2
The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to, and including, 2
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag...
In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination
---METADATA---
VENDOR: Linux
PRODUCT: Kernel
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A metadata integrity issue in the Linux kernel's skbuff handling allows unprivileged users to bypass copy-on-write protections.
Executive Summary:
A critical Linux kernel flaw in frag-transfer helpers can lead to unauthorized data modification by failing to propagate shared-frag markers.
Vulnerability Details
CVE-ID: CVE-2026-43503
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for affected versions
Vulnerability: Helpers __pskb_copy_fclone() and skb_shift() fail to propagate the SKBFL_SHARED_FRAG bit, leading the kernel to incorrectly treat shared pages as private.
Business Impact
This vulnerability allows an unprivileged user to potentially write into the page cache of a root-owned read-only file, posing a severe risk to system security and data integrity. The CVSS score of 8.8 underscores the gravity of this privilege-related flaw.
Remediation Plan
Immediate Action: Apply the official kernel patch that propagates the shared-frag marker and folds the frag_skb flag.
Proactive Monitoring: Monitor for unusual modifications to system files or unexpected behavior in memory management processes.
Compensating Controls: Implement strict kernel hardening and system call filtering where possible to limit the impact of potential privilege escalation attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 31, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability to bypass copy-on-write protections represents a major security risk. Organizations must prioritize applying kernel security updates to ensure the integrity of memory management and prevent unauthorized file modification.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy se...
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket
---METADATA---
VENDOR: Linux
PRODUCT: kernel
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A race condition in the Linux kernel's RDS implementation regarding zerocopy send cleanup can lead to memory corruption.
Executive Summary:
A race condition in the Linux kernel RDS subsystem could allow for memory corruption if a zerocopy send fails during message queuing.
Vulnerability Details
CVE-ID: CVE-2026-43502
Affected Software: Linux kernel
Affected Versions: See vendor advisory
Vulnerability: The vulnerability involves the handling of zerocopy cleanup when a send operation fails before the message is successfully attached to the socket, leading to potential use-after-free or double-free scenarios.
Business Impact
The CVSS score of 7.8 (High) highlights the risk to system availability and integrity. Race conditions are often difficult to debug and can lead to unpredictable kernel state, potentially resulting in system crashes or arbitrary code execution.
Remediation Plan
Immediate Action: Update the Linux kernel to the latest version to ensure the proper cleanup sequence is enforced for zerocopy operations.
Proactive Monitoring: Monitor system logs for kernel panics or memory allocation/deallocation errors.
Compensating Controls: Limit access to RDS functionality and ensure that security updates are applied to the kernel as they become available.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Race conditions in the networking stack are serious threats to system security. Organizations should prioritize updating to a patched kernel to eliminate this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-...
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2
---METADATA---
VENDOR: Perfmatters
PRODUCT: Perfmatters
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal.
Executive Summary:
A critical path traversal vulnerability in the Perfmatters plugin could allow an attacker to delete arbitrary files on the WordPress server.
Vulnerability Details
CVE-ID: CVE-2026-4350
Affected Software: Perfmatters Perfmatters
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Perfmatters plugin for WordPress in all versions up to 2. The flaw allows an attacker to perform arbitrary file deletion via path traversal, which could lead to a complete site outage or the removal of critical configuration files.
Business Impact
The ability to delete arbitrary files on a server is a catastrophic security failure, often leading to total service disruption. With a CVSS score of 8.1, this vulnerability represents a severe risk to site availability and integrity.
Remediation Plan
Immediate Action: Update the Perfmatters plugin to the latest available version immediately.
Proactive Monitoring: Monitor server file system logs for unauthorized deletion attempts or access to unexpected file paths.
Compensating Controls: If an update is not immediately available, disable the Perfmatters plugin and review file system permissions to ensure the web server user has the least privilege necessary.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of April 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
WordPress administrators should prioritize updating the Perfmatters plugin. This vulnerability provides a direct vector for destructive actions, making rapid remediation essential to protect the integrity of the web server.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter()...
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue()
---METADATA---
VENDOR: Linux
PRODUCT: kernel
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A use-after-free vulnerability in the Linux kernel's rtmutex component during proxy-lock rollback can lead to privilege escalation.
Executive Summary:
A high-severity use-after-free vulnerability in the Linux kernel's real-time mutex subsystem could allow a local attacker to gain elevated privileges.
Vulnerability Details
CVE-ID: CVE-2026-43499
Affected Software: Linux kernel
Affected Versions: See vendor advisory
Vulnerability: During a proxy-lock rollback in rt_mutex_start_proxy_lock(), the kernel incorrectly handles task pointers. This results in a use-after-free condition where a reference to a task is used after it has been improperly managed.
Business Impact
The CVSS score of 7.8 underscores the severity of this vulnerability. By exploiting this flaw, a local attacker could potentially achieve privilege escalation, compromising the entire system.
Remediation Plan
Immediate Action: Update the Linux kernel to a patched version that correctly utilizes waiter::task in remove_waiter().
Proactive Monitoring: Monitor for suspicious local processes attempting to interact with futex or real-time mutex operations.
Compensating Controls: Restrict access to local system resources and implement kernel hardening measures to mitigate potential privilege escalation attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for privilege escalation, this patch is of high importance. Administrators must ensure that the kernel is updated to a non-vulnerable version as soon as possible.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of i...
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP if so
---METADATA---
VENDOR: Linux
PRODUCT: kernel
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A flaw in the Linux kernel's IVPU (Intel Versatile Processing Unit) accelerator driver allows for unauthorized re-exporting of imported GEM objects.
Executive Summary:
An access control vulnerability in the Linux kernel IVPU driver could allow for unauthorized memory access via GEM object re-exporting.
Vulnerability Details
CVE-ID: CVE-2026-43498
Affected Software: Linux kernel
Affected Versions: See vendor advisory
Vulnerability: The vulnerability is due to a missing restriction in the IVPU accelerator driver, which allows re-exporting of imported GEM buffers. By failing to return -EOPNOTSUPP for imported objects, the driver enables improper handle-to-fd conversions.
Business Impact
With a CVSS score of 7.8 (High), this vulnerability poses a risk to systems utilizing Intel accelerator hardware. Unauthorized access to GEM memory handles could lead to information disclosure or potential escalation of privileges by manipulating shared graphics/compute memory.
Remediation Plan
Immediate Action: Update the Linux kernel to the latest version to include the patch that disallows re-exporting of imported GEM objects.
Proactive Monitoring: Monitor system logs for driver-related errors and restrict user access to accelerator device nodes.
Compensating Controls: Apply strict permissions to device nodes associated with the IVPU driver to prevent unauthorized usage by unprivileged users.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Users of Intel-based hardware with IVPU support should prioritize this kernel update to prevent potential memory access violations.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg...
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the modem-supplied port_count field as a loop bound over port_msg->data[] without checking that the message buffer contains sufficient data
---METADATA---
VENDOR: Linux
PRODUCT: Kernel
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A slab-out-of-bounds read vulnerability exists in the Linux kernel's t7xx WWAN driver when handling modem messages.
Executive Summary:
A high-severity memory corruption flaw in the Linux kernel's t7xx driver could allow a malicious modem to trigger a system crash.
Vulnerability Details
CVE-ID: CVE-2026-43495
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for affected versions
Vulnerability: The t7xx_port_enum_msg_handler function fails to validate the port_count field against the actual message length, leading to a slab-out-of-bounds read of up to 262,140 bytes.
Business Impact
The vulnerability can be exploited by a malicious modem to cause a kernel panic, resulting in a Denial of Service (DoS) for the affected system. With a CVSS score of 8.8, the stability of systems utilizing this kernel component is at significant risk.
Remediation Plan
Immediate Action: Apply the relevant kernel patches (commits 0e7c074cfcd9bd93765505f9eb8b42f03ed2a744, 2b56d7903ab804481f5233a259d5f341e9fd513c, 9855e063e063158cc5bded576382599dc3133202, dd4f4c93c1488d7100b9964f2da4c8b3c29652f1, f94450ce5053b36002995b72d1fa1db3bb08c5bf).
Proactive Monitoring: Monitor system logs for kernel oops or unexpected crash reports related to the t7xx driver.
Compensating Controls: If patching is delayed, ensure hardware security for connected modems to prevent the introduction of malicious messages.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 31, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
System administrators should update their Linux kernel to a version containing the provided fixes. Given the potential for system instability, prioritizing this update is recommended to prevent denial-of-service conditions.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2()...
In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data
---METADATA---
VENDOR: Linux
PRODUCT: kernel
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A memory management flaw in the Linux kernel's RDS (Reliable Datagram Sockets) implementation can lead to inconsistent state when zerocopy page pinning fails.
Executive Summary:
A resource management error in the Linux kernel's RDS subsystem could allow for memory corruption or denial of service.
Vulnerability Details
CVE-ID: CVE-2026-43494
Affected Software: Linux kernel
Affected Versions: See vendor advisory
Vulnerability: The vulnerability exists in rds_message_zcopy_from_user(), where the op_nents variable is not correctly reset when iov_iter_get_pages2() fails. This creates an inconsistent state during cleanup.
Business Impact
The CVSS score of 7.8 (High) indicates a significant threat to system stability. Improper handling of page pinning failures during socket operations can lead to kernel memory leaks or crashes, impacting the availability of network-intensive applications.
Remediation Plan
Immediate Action: Update the Linux kernel to the latest version to ensure correct cleanup of RDS zerocopy operations.
Proactive Monitoring: Monitor system logs for kernel warnings related to socket memory or RDS-specific errors.
Compensating Controls: Limit access to RDS-based network sockets where possible and employ general kernel hardening measures.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 1, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Kernel stability is paramount for high-performance networking. Organizations using RDS should apply the latest kernel updates to remediate this memory management flaw.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent dir...
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor xattr
---METADATA---
VENDOR: Linux
PRODUCT: Kernel (ksmbd)
AFFECTED_VERSIONS: Debian bookworm (6.1.159-1, 6.1.170-3), trixie (6.12.73-1, 6.12.86-1), and forky (7.0.4-1).
---END_METADATA---
Description Summary:
A buffer access vulnerability in the Linux kernel ksmbd module allows out-of-bounds operations due to improper validation of inherited ACE SID lengths during DACL processing.
Executive Summary:
A high-severity memory safety vulnerability in the Linux kernel ksmbd module could lead to denial of service or unauthorized information disclosure.
Vulnerability Details
CVE-ID: CVE-2026-43490
Affected Software: Linux Kernel (ksmbd)
Affected Versions: Debian bookworm (6.1.159-1, 6.1.170-3), trixie (6.12.73-1, 6.12.86-1), and forky (7.0.4-1). Fixed in Debian sid 7.0.7-1.
Vulnerability: This is a buffer access vulnerability (CWE-805) within the smb_inherit_dacl() function, where a malformed inheritable ACE can trigger out-of-bounds read or write operations. The vulnerability is triggered during the processing of directory DACLs and does not explicitly require user authentication to the kernel, though it is typically reachable via network-based SMB interaction.
Business Impact
With a CVSS score of 8.8, this vulnerability presents a significant risk of system instability or memory corruption. Successful exploitation could allow an attacker to crash the system (Denial of Service) or potentially leak sensitive kernel memory, compromising the confidentiality and integrity of the host server.
Remediation Plan
Immediate Action: Update the Linux kernel to the patched version (7.1-rc3 or the respective distribution-specific fix such as Debian sid 7.0.7-1) as soon as possible.
Proactive Monitoring: Monitor system logs for kernel-related crashes or unexpected memory access errors that may indicate exploitation attempts.
Compensating Controls: Restrict access to SMB services to trusted network segments to reduce the attack surface until patches are applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 25, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential for kernel-level memory corruption, immediate patching is critical for all systems running the ksmbd kernel module. Organizations should prioritize applying vendor-supplied kernel updates to prevent potential service disruption and information leakage.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' f...
The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services shou...
In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other
---METADATA---
VENDOR: Linux
PRODUCT: Kernel
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A permission check vulnerability in the Linux kernel's nsfs allows privileged services to potentially access or leak information from other namespaces.
Executive Summary:
A critical permission check flaw in the Linux kernel's namespace subsystem may allow unauthorized information disclosure between privileged services.
Vulnerability Details
CVE-ID: CVE-2026-43391
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in the namespace filesystem (nsfs) where permission checks for handle opening were insufficient. This allows privileged processes to access or view namespaces belonging to other privileged services, violating the intended isolation boundary.
Business Impact
This flaw carries a CVSS score of 8.8, reflecting its potential to bypass critical security isolation. In containerized environments or multi-tenant systems, this could lead to cross-container information leakage, potentially exposing sensitive credentials or proprietary data between isolated services.
Remediation Plan
Immediate Action: Apply the latest kernel security patches released by the Linux distribution vendor to enforce stricter namespace isolation.
Proactive Monitoring: Audit container and process isolation logs for unauthorized attempts to access namespace handles.
Compensating Controls: Use strict SELinux or AppArmor profiles to limit the capabilities of privileged processes, even those that might be subject to namespace-based isolation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Ensuring robust namespace isolation is essential for modern server and cloud infrastructure security. Administrators should update kernel versions immediately to restore mandatory access controls and prevent potential cross-service data leakage.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attac...
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb
---METADATA---
VENDOR: Linux
PRODUCT: Kernel
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A memory handling flaw in the Linux kernel's xfrm/esp implementation allows for insecure in-place decryption, potentially leading to data corruption or information disclosure.
Executive Summary:
A critical memory management vulnerability in the Linux kernel's xfrm/esp subsystem could lead to system instability or security bypasses.
Vulnerability Details
CVE-ID: CVE-2026-43284
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The issue involves incorrect handling of shared skb fragments during decryption in the xfrm/esp subsystem. Because MSG_SPLICE_PAGES can attach pipe pages directly to an skb, performing in-place decryption on shared memory is unsafe and can be exploited.
Business Impact
With a CVSS score of 8.8, this kernel vulnerability is highly critical. It could allow for the exposure of encrypted network traffic or result in kernel panics, causing significant service disruptions for systems utilizing IPsec tunnels or similar network encryption protocols.
Remediation Plan
Immediate Action: Update the Linux kernel to the latest patched version provided by your distribution vendor.
Proactive Monitoring: Review system logs for kernel panics or anomalies in network decryption performance.
Compensating Controls: Where possible, isolate highly sensitive network traffic to hardware-accelerated encryption modules that are not subject to this specific kernel path.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 27, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Kernel vulnerabilities require immediate attention due to their potential for full system compromise. Administrators must prioritize applying kernel security updates across all affected server and workstation environments as soon as they become available.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1
The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A critical SQL injection vulnerability in the Raera Destekz application allows unauthenticated attackers to execute arbitrary SQL commands.
A critical SQL injection vulnerability in the Raera Destekz application allows unauthenticated attackers to execute arbitrary SQL commands.
---METADATA---
VENDOR: Raera
PRODUCT: Destekz
AFFECTED_VERSIONS: Through 02062026
---END_METADATA---
Description Summary:
A critical SQL injection vulnerability in the Raera Destekz application allows unauthenticated attackers to execute arbitrary SQL commands.
Executive Summary:
The Raera Destekz application contains a critical SQL injection vulnerability that enables unauthenticated attackers to compromise the underlying database.
Vulnerability Details
CVE-ID: CVE-2026-4321
Affected Software: Raera Destekz
Affected Versions: Through 02062026
Vulnerability: This is an SQL injection vulnerability resulting from improper neutralization of special elements in database queries. An unauthenticated attacker can exploit this flaw to manipulate database contents or exfiltrate sensitive data.
Business Impact
The exploitation of this vulnerability poses a severe threat to data confidentiality, integrity, and availability. With a CVSS score of 9.8, this flaw could lead to complete database compromise, potentially resulting in unauthorized access to sensitive user information and total system takeover.
Remediation Plan
Immediate Action: As the vendor has declared this product end-of-life and unsupported, the primary remediation is to decommission the application immediately. If migration is not possible, isolate the host system from all networks.
Proactive Monitoring: Review database query logs for anomalous syntax, specifically looking for common SQL injection patterns such as UNION SELECT or tautology-based queries.
Compensating Controls: Deploy a Web Application Firewall (WAF) with strict SQL injection rulesets to filter malicious traffic, though this should be considered a temporary measure given the lack of official patches.
Exploitation Status
Public Exploit Available: N/A
Analyst Notes: As of Jul 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, because the software is no longer supported by the vendor, the risk of unpatched exploitation remains extremely high.
Analyst Recommendation
Given that Destekz is no longer supported, the risk profile for this vulnerability is effectively permanent. Organizations still utilizing this software must prioritize the migration to a secure, supported alternative to mitigate the risk of a catastrophic data breach.
Update Raera - Ankara Web Design and Digital Advertising Agency Destekz to the latest version. Monitor for exploitation attempts and review access logs.
A vulnerability was identified in code-projects Simple Food Order System 1
A vulnerability was identified in code-projects Simple Food Order System 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A vulnerability was determined in UTT HiPER 810G up to 1
A vulnerability was determined in UTT HiPER 810G up to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3
The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3
---METADATA---
VENDOR: WP Extended
PRODUCT: The Ultimate WordPress Toolkit – WP Extended
AFFECTED_VERSIONS: Up to and including 3.x
---END_METADATA---
Description Summary:
The WP Extended plugin for WordPress is vulnerable to privilege escalation, allowing low-privileged users to gain administrative access.
Executive Summary:
A high-severity privilege escalation vulnerability in the WP Extended plugin allows attackers to gain unauthorized administrative control over WordPress sites.
Vulnerability Details
CVE-ID: CVE-2026-4314
Affected Software: WP Extended The Ultimate WordPress Toolkit – WP Extended
Affected Versions: All versions up to, and including, 3.x
Vulnerability: This vulnerability allows an authenticated attacker with low-level permissions to escalate their privileges to those of an administrator. This is typically caused by a lack of proper capability checks in the plugin's functional code.
Business Impact
Successful exploitation results in a complete site takeover. An attacker with administrative privileges can delete content, steal user data, install malicious scripts, and potentially use the site to distribute malware. The CVSS score of 8.8 reflects the high impact on site integrity and confidentiality.
Remediation Plan
Immediate Action: Update the WP Extended plugin to the latest version immediately. If the plugin is not essential, consider deactivating and removing it.
Proactive Monitoring: Review the list of administrative users for any unauthorized accounts and audit recent changes to site settings or plugin configurations.
Compensating Controls: Implement the principle of least privilege by limiting the number of users with any level of dashboard access and using a security plugin to monitor for privilege escalation attempts.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of March 23, 2026, there is no public information indicating active exploitation. Privilege escalation flaws in popular toolkits are high-value targets for attackers seeking persistent access to WordPress environments.
Analyst Recommendation
Immediate remediation is required. Privilege escalation bypasses the fundamental security model of WordPress, making the application of the vendor's patch a critical priority for site administrators.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
A missing authentication vulnerability in DrangSoft GCB/FCB Audit Software allows unauthenticated remote attackers to create unauthorized administrati...
A missing authentication vulnerability in DrangSoft GCB/FCB Audit Software allows unauthenticated remote attackers to create unauthorized administrative accounts via exposed APIs.
---METADATA---
VENDOR: DrangSoft
PRODUCT: GCB/FCB Audit Software
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
A missing authentication vulnerability in DrangSoft GCB/FCB Audit Software allows unauthenticated remote attackers to create unauthorized administrative accounts via exposed APIs.
Executive Summary:
DrangSoft GCB/FCB Audit Software is susceptible to a critical authentication bypass that allows unauthenticated attackers to grant themselves full administrative access.
Vulnerability Details
CVE-ID: CVE-2026-4312
Affected Software: DrangSoft GCB/FCB Audit Software
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The software fails to enforce authentication on specific API endpoints used for account management. This allows an unauthenticated remote attacker to directly call these APIs and create a new account with administrative privileges.
Business Impact
The impact of this vulnerability is Critical (CVSS 9.8). An attacker with administrative access can modify audit records, delete sensitive data, and manipulate financial or compliance reports. This completely undermines the integrity of the audit software and could lead to severe legal and regulatory consequences.
Remediation Plan
Immediate Action: Update the DrangSoft GCB/FCB Audit Software to the latest version to enforce proper authentication checks on all API endpoints.
Proactive Monitoring: Review the administrative user list for any unrecognized accounts and audit the system logs for API calls originating from unexpected IP addresses.
Compensating Controls: Place the audit software behind a VPN or a Zero Trust Network Access (ZTNA) solution to restrict API access to authorized personnel only.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of March 17, 2026, there is no public information indicating active exploitation. However, the simplicity of exploiting missing authentication makes this a high-risk target.
Analyst Recommendation
Apply the vendor's patch immediately. Administrative account creation is the "keys to the kingdom," and leaving this vulnerability unpatched is an unacceptable risk to organizational data integrity and compliance posture.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb(...
In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array
---METADATA---
VENDOR: Linux
PRODUCT: Kernel (wl1251 driver)
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A buffer overflow vulnerability in the Linux kernel's wl1251 Wi-Fi driver exists due to missing bounds validation on firmware-supplied packet IDs.
Executive Summary:
A critical buffer overflow in the Linux kernel wl1251 Wi-Fi driver could allow attackers to trigger memory corruption via malicious firmware communication.
Vulnerability Details
CVE-ID: CVE-2026-43113
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for affected versions
Vulnerability: This is a buffer overflow vulnerability in the wl1251_tx_packet_cb() function. The driver uses a completion ID provided by the firmware as an index for the wl->tx_frames[] array without verifying if the ID exceeds the array's bounds.
Business Impact
An attacker capable of influencing the firmware or intercepting the firmware-host communication could trigger this memory corruption, leading to system crashes or arbitrary code execution. Given the CVSS score of 8.8, this represents a significant threat to systems using the affected hardware, particularly in embedded or IoT environments.
Remediation Plan
Immediate Action: Apply vendor security updates as they become available. If no patch is currently available for your specific distribution, consider disabling the wl1251 driver if not strictly required.
Proactive Monitoring: Monitor system logs for driver-level errors or unexpected crashes related to Wi-Fi transmission completions.
Compensating Controls: Implement network-level security to prevent untrusted devices from interacting with the host's wireless firmware management interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability highlights the risk of trusting firmware-supplied indices in kernel drivers. Organizations should prioritize updating kernel packages and, where possible, restrict wireless device access to mitigate the risk of malicious firmware-based exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitiz...
In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e
---METADATA---
VENDOR: Linux
PRODUCT: Kernel (CIFS client)
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
An out-of-bounds read vulnerability in the Linux kernel's CIFS client allows a system crash when processing empty or malformed path strings.
Executive Summary:
A vulnerability in the Linux kernel CIFS client can be triggered by specifically crafted file paths, leading to a denial-of-service condition.
Vulnerability Details
CVE-ID: CVE-2026-43112
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for affected versions
Vulnerability: This is an out-of-bounds read vulnerability occurring within the cifs_sanitize_prepath function. It is triggered when the function receives an empty string or a string containing only delimiters, which can cause the kernel to access memory outside of the intended buffer.
Business Impact
The primary impact of this vulnerability is a denial-of-service, as the out-of-bounds read will likely result in a kernel panic and subsequent system crash. With a CVSS score of 8.8, this poses a substantial risk to file server stability and availability for any system utilizing the CIFS/SMB client.
Remediation Plan
Immediate Action: Apply available kernel updates provided by your distribution. Note that for some distributions, a vendor-supplied patch may not yet be available; monitor vendor security trackers closely.
Proactive Monitoring: Monitor kernel logs for recurring crashes associated with CIFS mount operations or unusual file system activity.
Compensating Controls: If patching is delayed, restrict the use of untrusted or externally sourced SMB shares that may provide malicious path strings to the client.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Administrators should audit their infrastructure for systems utilizing CIFS mounts. While this is primarily a denial-of-service vulnerability, the risk to system availability is high, and patching should be performed as soon as a stable update is released by the distribution vendor.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event(...
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as an array index without a matching range check
---METADATA---
VENDOR: Linux
PRODUCT: Kernel (brcmfmac driver)
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
A buffer overflow vulnerability in the Linux kernel's brcmfmac Wi-Fi driver allows out-of-bounds memory access via malformed IF events from the firmware.
Executive Summary:
A critical out-of-bounds memory access vulnerability in the Linux kernel's brcmfmac driver could lead to system instability or arbitrary code execution.
Vulnerability Details
CVE-ID: CVE-2026-43110
Affected Software: Linux Kernel
Affected Versions: See vendor advisory for affected versions
Vulnerability: This is an improper input validation vulnerability where the brcmf_fweh_handle_if_event() function fails to perform range checks on the bsscfgidx field before using it as an array index. The vulnerability is triggered when the host processes a crafted IF event from the Wi-Fi firmware, placing the attack surface at the firmware-host boundary.
Business Impact
Successful exploitation of this vulnerability could lead to a denial-of-service (system crash) or potentially allow a local attacker to escalate privileges by manipulating kernel memory. With a CVSS score of 8.8, this flaw represents a significant risk to the integrity and availability of Linux-based systems relying on Broadcom Wi-Fi hardware.
Remediation Plan
Immediate Action: Apply the latest kernel security updates provided by your distribution (e.g., SUSE or Red Hat). Fixed versions include kernel-source >= 6.4.0-150700.53.55.1 for supported SUSE distributions.
Proactive Monitoring: Monitor system logs for kernel panics or unexpected Wi-Fi driver resets that may indicate attempts to trigger an out-of-bounds access.
Compensating Controls: Ensure that systems are running with kernel hardening features enabled, such as Address Space Layout Randomization (ASLR) and stack canaries, to mitigate potential exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 2, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high CVSS score and the critical nature of the kernel-level impact, administrators should prioritize patching their Linux kernels. Organizations relying on Broadcom Wi-Fi chipsets must verify their kernel version against the provided security updates to ensure the bsscfgidx range check is properly implemented.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CS...
In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback NETIF_F_IPV6_CSUM only advertises support for checksum offload of packets without IPv6 extension headers
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in add_adev() error path If auxiliary_device_add()...
In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in add_adev() error path If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls auxiliary_device_uninit(adev)
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't in...
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_stream
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_ir...
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq The wacom_intuos_bt_irq() function processes Bluetooth HID reports without sufficient bounds checking
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid...
In the Linux kernel, the following vulnerability has been resolved: HID: core: Mitigate potential OOB by removing bogus memset() The memset() in hid_report_raw_event() has the good intention of clearing out bogus data by zeroing the area from the end of the incoming data string to the assumed end of the buffer
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possib...
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious (or clumsy) device to respond to a specific report's feature request using a completely different report ID
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block...
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3
The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3
---METADATA---
VENDOR: WeePie
PRODUCT: Cookie Allow
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL injection via the 'consent' parameter, posing a risk to database security.
Executive Summary:
The WeePie Cookie Allow plugin contains a high-severity SQL injection vulnerability that could allow unauthorized database access and data manipulation.
Vulnerability Details
CVE-ID: CVE-2026-4304
Affected Software: WeePie Cookie Allow
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability is an SQL injection flaw triggered via the 'consent' parameter. By supplying crafted input, an attacker can execute arbitrary SQL commands against the WordPress database.
Business Impact
A CVSS score of 7.5 highlights the potential for significant impact, including the compromise of sensitive user consent data and broader database exposure. This poses a compliance risk and a direct threat to the security posture of the affected WordPress site.
Remediation Plan
Immediate Action: Update the WeePie Cookie Allow plugin to the latest version as soon as the vendor releases a patch.
Proactive Monitoring: Regularly review application and database error logs for signs of injection attempts or unusual query execution patterns.
Compensating Controls: Implement WAF rules specifically configured to sanitize or block input to the 'consent' parameter to mitigate the risk until a patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Immediate remediation is essential to prevent unauthorized access to the database. Given the nature of the vulnerability, prompt updates are the most effective way to eliminate this security risk.
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption...
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied from the source
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packe...
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets When a TX packet spans multiple buffer descriptors (scatter-gather), axienet_free_tx_chain sums the per-BD actual length from descriptor status into a caller-provided accumulator
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe() for pointers to packet In case rold->reg->range == BEYOND_PKT...
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe() for pointers to packet In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N regsafe() may return true which may lead to current state with valid packet range not being explored
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg() syzbot reported a soft lockup in mptcp...
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcp_recvmsg() syzbot reported a soft lockup in mptcp_recvmsg() [0]
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existin...
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ignore explicit helper on new expectations Use the existing master conntrack helper, anything else is not really supported and it just makes validation more complicated, so just ignore what helper userspace suggests for this expectation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect() sco_sock_connect() che...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: fix race conditions in sco_sock_connect() sco_sock_connect() checks sk_state and sk_type without holding the socket lock
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
The WowOptin: Next-Gen Popup Maker plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1
Update WordPress plugin/theme to the latest version. Review WordPress security settings and remove if no longer needed.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup an...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync hci_conn lookup and field access must be covered by hdev lock in set_cig_params_sync, otherwise it's possible it is freed concurrently
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt hci_...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt hci_conn lookup and field access must be covered by hdev lock in hci_le_remote_conn_param_req_evt, otherwise it's possible it is freed concurrently
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(...
In the Linux kernel, the following vulnerability has been resolved: bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready()
---METADATA---
VENDOR: Google
PRODUCT: Google Compute (Linux Kernel)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A use-after-free vulnerability exists in the Linux kernel's BPF sockmap implementation, specifically within the sk_psock_verdict_data_ready function.
Executive Summary:
A use-after-free vulnerability in the Linux kernel could allow a local attacker to cause system instability or gain elevated privileges.
Vulnerability Details
CVE-ID: CVE-2026-43016
Affected Software: Google Compute (Linux Kernel)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The flaw arises from improper handling of sk->sk_socket within the BPF sockmap code, leading to a use-after-free condition. This is a memory management issue that can be triggered by an attacker with sufficient local access.
Business Impact
With a CVSS score of 7.8, this vulnerability represents a significant risk to cloud instances using affected Linux kernels. Successful exploitation could lead to arbitrary code execution, potentially allowing an attacker to escape container boundaries or gain root access, threatening the confidentiality and integrity of the entire compute instance.
Remediation Plan
Immediate Action: Update the kernel on all Google Compute instances to the latest version provided by your distribution vendor that includes the fix for this BPF vulnerability.
Proactive Monitoring: Implement kernel-level monitoring and log analysis to detect unusual system behavior or crashes that may coincide with exploit attempts.
Compensating Controls: Use container security tools to limit the BPF capabilities of non-privileged users, thereby reducing the attack surface for this vulnerability.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The urgency of this update is high, particularly for multi-tenant or containerized environments. Administrators should test and deploy the kernel patches as part of their next maintenance window to prevent potential privilege escalation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrack...
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrack_insn encounters a BPF_STX instruction with BPF_ATOMIC and BPF_FETCH, the src register (or r0 for BPF_CMPXCHG) also acts as a destination, thus receiving the old value from the memory location
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in OpenStack ironic-python-agent 1
An issue was discovered in OpenStack ironic-python-agent 1
---METADATA---
VENDOR: OpenStack
PRODUCT: Ironic-python-agent
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security issue has been identified in OpenStack ironic-python-agent, potentially impacting the security posture of hardware management services.
Executive Summary:
A high-severity vulnerability in OpenStack ironic-python-agent requires immediate attention to prevent potential unauthorized access to hardware management interfaces.
Vulnerability Details
CVE-ID: CVE-2026-43003
Affected Software: OpenStack Ironic-python-agent
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: While specific technical details are limited, the vulnerability affects the ironic-python-agent, which is responsible for managing bare-metal hardware. The nature of the flaw suggests potential for unauthorized control or data access.
Business Impact
A CVSS score of 8.0 indicates a high risk to infrastructure availability and control. Unauthorized access to the ironic-python-agent could allow an attacker to disrupt bare-metal provisioning, compromise hardware control, or gain unauthorized access to the underlying management network.
Remediation Plan
Immediate Action: Upgrade to the latest version of ironic-python-agent as specified in the OpenStack security advisory.
Proactive Monitoring: Monitor management network traffic for unusual API requests or unauthorized attempts to interact with the ironic-python-agent service.
Compensating Controls: Isolate the management network used by OpenStack Ironic from general-purpose networks to restrict access to the service.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Infrastructure teams should prioritize the remediation of this vulnerability, as it directly impacts the management plane of the cloud environment. Ensure that all affected nodes are patched and verified for compliance with security best practices.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
An issue was discovered in OpenStack Keystone 13 through 29
An issue was discovered in OpenStack Keystone 13 through 29
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: OpenClaw
PRODUCT: OpenClaw
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
OpenClaw is affected by a security vulnerability requiring immediate attention to prevent potential exploitation of the software environment.
Executive Summary:
A high-severity security vulnerability has been identified in OpenClaw, necessitating immediate review and remediation to ensure system integrity.
Vulnerability Details
CVE-ID: CVE-2026-43530
Affected Software: OpenClaw
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The specific nature of the vulnerability remains under investigation by the vendor. It is identified as a high-severity flaw that may allow for unauthorized system interaction.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a significant risk to organizational assets. Failure to address this flaw could lead to unauthorized access or degradation of service, potentially impacting the confidentiality and integrity of data processed by the application.
Remediation Plan
Immediate Action: Apply all security patches and updates provided by the vendor immediately upon release.
Proactive Monitoring: Monitor system logs for unusual authentication patterns or erratic process behavior that may indicate exploitation attempts.
Compensating Controls: Utilize endpoint detection and response (EDR) tools to isolate the affected software and restrict its network access until the official patch is applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 6, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score, the potential for exploitation is significant.
Analyst Recommendation
Security teams should monitor the vendor’s security bulletin closely for the release of a patch. Once available, the update should be deployed to all affected instances as a matter of high priority to mitigate potential exposure.