CLSA-2026-1767867153 kernel: Fix of 16 CVEs

crypto: lzo - Fix compression buffer overrun CVE-2025-38068 - wifi: brcmfmac: fix use-after-free when rescheduling brcmfbtcoexinfo work CVE-2025-39863 - NFSD: Protect against send buffer overflow in NFSv2 READ CVE-2022-43945 - tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. CVE-2025-40186 - can:...

CVE-2025-67364

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

GHSA-J893-M93W-JWJW fast-filesystem-mcp has a Path Traversal vulnerability

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

fast-filesystem-mcp has a Path Traversal vulnerability

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVE-2025-67364

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

CVE-2025-67364

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVE-2019-16176

A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem...

CVE-2025-1127

The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem...

PT-2026-1880

Name of the Vulnerable Software and Affected Versions fast-filesystem-mcp version 3.4.0 Description The software contains a path traversal issue in its file operation tools, including the fast read file function. This is due to insufficient path validation that does not resolve symbolic links to...

Filesystem MCP 安全漏洞

Filesystem MCP is a Sylphx open source MCP file system server. A security vulnerability exists in Filesystem MCP version 0.5.8, which stems from improper handling of symbolic links in the path validation mechanism, and could lead to bypassing directory restrictions and accessing unauthorized file...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000272 advisory. An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect isizewrite properly, which causes an isizeread infinite loop and denial o...

CVE-2025-67366

The CVE concerns @sylphxltd/filesystem-mcp v0.5.8, an MCP server, with a path traversal flaw in the read_content tool stemming from improper symlink handling. According to the description, resolvePath validates paths before resolving symlinks, while fs.readFile resolves symlinks during access, al...

CVE-2025-67364

fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fastreadfile. This vulnerability arises from improper path validation that fails to resolve symbolic links to their actual physical paths. The safePath and isPathAllowed...

CVE-2025-67366

@sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "readcontent" tool. This vulnerability arises from improper symlink handling in the path validation mechanism...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000452)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000452 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfsqueuework in...

Alibaba Cloud Linux 3 : 0003: container-tools:an8 (ALINUX3-SA-2026:0003)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0003 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-52881: runc is a CLI tool for spawning and...

PT-2026-1881

Name of the Vulnerable Software and Affected Versions @sylphxltd/filesystem-mcp version 0.5.8 Description @sylphxltd/filesystem-mcp version 0.5.8 contains a path traversal issue in the “read content” tool. The issue is due to improper symlink handling in the path validation mechanism. The...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000421)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000421 advisory. A flaw was found in the Linux kernels futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a...