CVE-2026-44307 vulnerabilities

🗓️ 08 May 2026 07:18:20Reported by ChainguardType

cgr

cgr🔗 packages.cgr.dev👁 5 Views

CVE-2026-44307 affects the keep-fips and keep packages on Unix.

Reporter	Title	Published	Views	Family All 28
GithubExploit	dependabot-pip-mako-case-poc	20 May 202614:59	–	githubexploit
ATTACKERKB	CVE-2026-44307	12 May 202621:53	–	attackerkb
IBM Security Bulletins	Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.	27 May 202616:03	–	ibm
CNNVD	mako 路径遍历漏洞	12 May 202600:00	–	cnnvd
CVE	CVE-2026-44307	12 May 202621:53	–	cve
Cvelist	CVE-2026-44307 Mako: Path traversal via backslash URI on Windows in TemplateLookup	12 May 202621:53	–	cvelist
Debian CVE	CVE-2026-44307	12 May 202621:53	–	debiancve
Github Security Blog	Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup	6 May 202621:45	–	github
NVD	CVE-2026-44307	12 May 202622:16	–	nvd
OSV	BELL-CVE-2026-44307 CVE-2026-44307 does not affect BellSoft software	21 May 202606:10	–	osv

OS	OS Version	Architecture	Package	Package Version	Filename
wolfi	any	x86_64	airflow	3.2.1-r3	airflow-3.2.1-r3.apk
wolfi	any	aarch64	airflow	3.2.1-r3	airflow-3.2.1-r3.apk
wolfi	any	x86_64	airflow-core	3.2.1-r1	airflow-core-3.2.1-r1.apk
wolfi	any	aarch64	airflow-core	3.2.1-r1	airflow-core-3.2.1-r1.apk
wolfi	any	x86_64	keep	0.51.0-r6	keep-0.51.0-r6.apk
wolfi	any	aarch64	keep	0.51.0-r6	keep-0.51.0-r6.apk
wolfi	any	x86_64	keep-fips	0.51.0-r6	keep-fips-0.51.0-r6.apk
wolfi	any	aarch64	keep-fips	0.51.0-r6	keep-fips-0.51.0-r6.apk
wolfi	any	x86_64	mlflow-fips	3.12.0-r0	mlflow-fips-3.12.0-r0.apk
wolfi	any	aarch64	mlflow-fips	3.12.0-r0	mlflow-fips-3.12.0-r0.apk

03 Jun 2026 19:17Current

5.8Medium risk

Vulners AI Score5.8

CVSS 48.7

EPSS0.00287

SSVC

CVE-2026-44307 keep-fips keep Unix