54 matches found
undici: Undici: Information disclosure due to improper cache-control header parsing
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...
PT-2026-54774
Name of the Vulnerable Software and Affected Versions Centrifugo affected versions not specified Description Centrifugo contains a cross-tenant JWT authentication bypass when using dynamic JWKS JSON Web Key Set endpoints. The issue occurs because the JWKS cache and singleflight lookup are keyed...
PYSEC-2026-390 LiteLLM: Authentication bypass via OIDC userinfo cache key collision
Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...
CVE-2026-9678
A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...
Linux Distros Unpatched Vulnerability : CVE-2026-48096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can...
EUVD-2026-36061
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning...
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...
CVE-2026-48096
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...
PT-2026-48462
Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.16.0 Description When iterator caching is enabled, specifically with SharedIteratorCache and ListObjectsIteratorCache, two distinct check requests can produce the same cache key. This causes the system to reuse a...
CVE-2026-39972
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
CVE-2026-44552
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...
CVE-2026-44552
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the toolservers and terminalservers keys in utils/tools.py do use a prefix. When two or more Open WebUI instances share a Redis database a supported and documented deployment pattern...
CVE-2026-30246
Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...
CVE-2026-41131
A flaw was found in OpenFGA, an authorization and permission engine. When certain authorization models use conditions with caching enabled, the system can incorrectly generate the same cache key for different requests. This error causes OpenFGA to reuse an outdated authorization decision,...
CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2026-6729
CVE-2026-6729 concerns HKUDS OpenHarness before PR #159, where a session key derivation flaw allows authenticated participants in shared chats/threads to hijack other users’ sessions by exploiting a shared ohmo session key without sender identity verification. This enables reuse of another user’s...
CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
CVE-2026-39972
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
EUVD-2026-20967
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...
CVE-2026-39972
Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...