CVE-2026-35030

LiteLLM (proxy for LLM APIs) contains an authentication bypass flaw when JWT/OIDC authentication is enabled. The OIDC userinfo cache key is derived from the first 20 characters of the token, allowing an unauthenticated attacker to craft a token whose prefix matches a legitimate user’s cached toke...

CVE-2026-35030 LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

CVE-2026-35030 LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

DEBIAN-CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

UBUNTU-CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

CVE-2026-33540

CVE-2026-33540 affects the Distribution toolkit. In prior releases (before 3.1.0) and in pull-through cache mode, it parses WWW-Authenticate challenges to discover token auth endpoints, taking the realm URL from a bearer challenge without validating it against the upstream host. An attacker-contr...

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

CLEANSTART-2026-MU54962 Security fixes for ghsa-527x-5wrf-22m2, ghsa-g754-hx8w-x2g6, ghsa-jgfp-53c3-624w, ghsa-px8v-pp82-rcvr, ghsa-vv39-3w5q-974q applied in versions: 1.25.0-r0, 1.26.7-r0

Multiple security vulnerabilities affect the kubernetes-dns-node-cache package. These issues are resolved in later releases. See references for individual vulnerability details...

fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the incorrect creation of unique keys using the custom cacheKeyBuilder method, which could lead to cache conflicts and...

LiteLLM 授权问题漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Prior to version 1.83.0, LiteLLM had an authorization vulnerability. This vulnerability stemmed from the use of token:20 as a cache key when JWT authentication was...

PT-2026-30710

Name of the Vulnerable Software and Affected Versions distribution versions 3.0.x and earlier, versions 2.8.x and earlier when redis blob descriptor cache and delete are both enabled Description distribution, a toolkit for managing container content, is susceptible to a confidentiality issue. Whe...

Distribution 安全漏洞

Distribution is an open-source toolset developed by Distribution, used for packaging, transporting, storing, and delivering content. Versions of Distribution prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated domain URLs under the pull cache mode,...

OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

...

Linux Distros Unpatched Vulnerability : CVE-2026-31402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded...

Linux Distros Unpatched Vulnerability : CVE-2026-34978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. pa...

Fedora 42 : bind9-next (2026-bcc66a29da)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bcc66a29da advisory. Update to 9.21.20 rhbz2440560 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 - Fi...