5 matches found
CVE-2026-48529
GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...
CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: apko, envoy-ratelimit, temporal, local-path-provisioner, smarter-device-manager, mariadb-operator, volume-modifier-for-k8s, goreleaser, rabbitmq-messaging-topology-operator, flux-operator, nova, secrets-store-csi-driver-provider-aws, external-secrets-operator, hubble...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, fluxcd-kustomize-mutating-webhook-fips, dkron, victoriametrics-cluster, oras, temporal, kube-logging-logging-operator, oras-fips, flux-source-controller, local-path-provisioner-fips, osv-scanner, flux-image-automation-controller-fips,...
CVE-2026-33810 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, fluxcd-kustomize-mutating-webhook-fips, dkron, victoriametrics-cluster, oras, temporal, kube-logging-logging-operator, oras-fips, flux-source-controller, local-path-provisioner-fips, osv-scanner, flux-image-automation-controller-fips,...