EUVD-2026-39788

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

CVE-2026-12411 Broken Access Control in Canonical LXD DevLXD API

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled...

CVE-2026-12411

CVE-2026-12411 : Affects Canonical LXD (devLXDInstancePatchHandler). A crafted device PATCH to /dev/lxd, when security.devlxd.management.volumes is enabled, can allow a local untrusted guest to mount, read, and overwrite another guest’s custom storage volume. CVSSv3.1 base score 8.4 (HIGH); confi...

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

EUVD-2026-39552

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

CVE-2026-10512

The CVE-2026-10512 issue affects the X25519 x86_64 assembly implementation, where the final modular reduction fails to clear the most significant bit, leaving the 255-bit field element non-canonical. Consequently, the computed result from scalar multiplication may be incorrect, potentially yieldi...

CVE-2026-10512 X25519 x86_64 assembly final reduction leaves non-canonical field element

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

CVE-2026-53184

In the Linux kernel, the following vulnerability has been resolved: udp: clear skb-dev before running a sockmap verdict On the UDP receive path skb-dev is repurposed as devscratch the truesize/state cache set by udpsetdevscratch, through the union struct netdevice dev; unsigned long devscratch; i...

CVE-2026-53184

The CVE-2026-53184 issue affects the Linux kernel UDP sockmap path. On UDP receive, skb->dev is repurposed as dev_scratch; when a SK_SKB verdict program uses BPF socket-lookup helpers (bpf_sk_lookup_tcp/udp, bpf_skc_lookup_tcp), skb->dev may still hold the dev_scratch value, and dev_net(skb...

PT-2026-52561

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The X25519 x86 64 assembly implementation fails to clear the most significant bit during the final modular reduction. This occurs because the final...

JLSEC-2026-617 Open redirect in the HTTP.jl static file server canonical redirects

Description The static file server's canonical 301 redirects index-file strip, directory trailing-slash add, and file trailing-slash strip built the Location header verbatim from the un-normalized request target. Request-target validation only requires a leading /, has no CTL bytes, and the...

CVE-2026-12249

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Added missing error handling inside the getcanonicaldevpath function. Inside the getcanonicaldevpath function, we call dpath to obtain the final device path. However, dpath may return an error. In such cases, the next call...

Astra Linux – Vulnerability in glibc

Before version 2.32, the GNU C Library also known as glibc or libc6 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contained a non-canonical bit pattern. This issue was observed when passing a value of 0x5d414141414141410000 to the sinl...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: VMCI: Check context-notifypage after calling getuserpagesfast to avoid GPF. The call to getuserpagesfast in vmcihostunlockedioctl may return NULL for context-notifypage, causing a GPF. To avoid this, check that context-notifypage...

PT-2026-50824

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.186 Description A sandbox volume reference volumeId which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A reference containing...

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...