Linux Distros Unpatched Vulnerability : CVE-2026-27148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat Enterprise Linux - storybook: Storybook: Remote Code Execution via WebSocket Hijacking CVE-2026-27148 Note that Nessus relies on the presence of the...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +14 more potentially affected by CVE-2026-27148 via storybook (>=8.7.0-alpha.0 <=9.1.18)

storybook NPM version =8.7.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =2.0.0-beta.3, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =8.7.0-alpha.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =0.2.7, =0.2.8 and more Source cves: CVE-2026-27148 Source advisory: OSV:GHSA-MJF5-7G4M-GX5W...

@boxcustodia/library (>=1.5.1-canary.0 <=1.5.1-canary.2), @buttery/cli (>=0.4.2 <=0.4.11) +27 more potentially affected by CVE-2026-27148 via storybook (>=8.1.1 <=8.6.16)

storybook NPM version =8.1.1, =1.5.1-canary.0, =0.4.2, =0.1.3, =1.0.0-canary.12734, =0.11.4, =0.12.4, =0.0.1-3d99df6-20260330104634, =3.52.0, =9.0.0-next.51, =7.33.6-qa-airteam-7.35.1.0, =0.0.3, =2.0.0-beta.1, =0.2.36, =0.1.51, =0.1.3, =0.1.8 and more Source cves: CVE-2026-27148 Source advisory:...

CVE-2026-27148

creationtimestamp| type| source ---|---|--- 2026-02-26 01:19:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfpzoxhw5t2e 2026-02-26 19:10:19+00:00| seen| https://gist.github.com/alon710/09463d4ff783b0368066b3726e657169...

@asherng/storybook (>=0.0.18 <=0.1.14), @bluefin-exchange/starship-v2 (>=1.1.1 <=1.1.16) +32 more potentially affected by CVE-2026-27148 via storybook (>=7.0.12 <=7.6.20)

storybook NPM version =7.0.12, =0.0.18, =1.1.1, =0.0.1, =0.0.4, =1.2.108, =3.50.0-next.2, =9.0.0-next.4, =1.0.967, =0.0.1, =1.0.0, =1.2.2, =0.0.1, =0.0.1, =7.6.4-next.32, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2026-27148 Source advisory: SNYK:JS-STORYBOOK-15353401...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +14 more potentially affected by CVE-2026-27148 via storybook (>=9.0.0-alpha.0 <=9.1.18)

storybook NPM version =9.0.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =2.0.0-beta.3, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =9.0.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =0.2.7, =0.2.8 and more Source cves: CVE-2026-27148 Source advisory: SNYK:JS-STORYBOOK-15353401...

@asherng/storybook (>=1.0.6 <=1.0.15), @asng/storybook (>=0.0.0-AddSnapshotPipeline-20240326102812 <=0.0.10) +30 more potentially affected by CVE-2026-27148 via storybook (>=8.0.10 <=8.6.16)

storybook NPM version =8.0.10, =1.0.6, =0.0.0-AddSnapshotPipeline-20240326102812, =1.5.1-canary.0, =0.4.2, =0.1.3, =1.0.0-canary.12734, =0.11.4, =0.12.4, =0.0.1-3d99df6-20260330104634, =1.0.12, =3.32.0-rc.2, =9.0.0-next.47, =7.33.6-qa-airteam-7.35.1.0, =0.0.3, =1.1.1, =2.0.0-beta.2 and more Sourc...

CVE-2026-27148

A flaw was found in Storybook's development server. This vulnerability allows a remote attacker to achieve Remote Code Execution or persistent Cross-Site Scripting by exploiting WebSocket hijacking. The attack can occur if a developer visits a malicious website while their local Storybook...

CVE-2026-27148

Storybook is a frontend workshop for building user interface components and pages in isolation. Prior to versions 7.6.23, 8.6.17, 9.1.19, and 10.2.10, the WebSocket functionality in Storybook's dev server, used to create and update stories, is vulnerable to WebSocket hijacking. This vulnerability...

CVE-2022-27148

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow...

EUVD-2022-27148

Malicious code in bioql PyPI...

SUSE CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148

CVE-2025-27148 affects Gradle’s native-platform library used by Gradle builds. Vulnerability arises when Native.get(Class) is called without prior Native.init(File) and a non-null working path is supplied, causing initialization to occur in the system temporary directory on Unix-like systems. Ver...

CVE-2025-27148 Gradle vulnerable to local privilege escalation through system temporary directory

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2025-27148

Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be...

CVE-2024-27148 Local Privilege Escalation and Remote Code Execution using insecure PATH

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL...

CVE-2024-27148 Local Privilege Escalation and Remote Code Execution using insecure PATH

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL...