CVE-2026-52926

A flaw was found in the Linux kernel's batman-adv module, which is responsible for managing mesh networks. When a mesh network is being shut down, the system fails to properly clear the active gateway information. This leaves outdated network configuration data, which can prevent the mesh network...

EUVD-2026-38797

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESHBEDLEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single...

CVE-2026-56111

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESHBEDLEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single...

CVE-2026-56111 Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESHBEDLEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single...

CVE-2026-56111

Marlin Firmware 2.1.2.7 with MESH_BED_LEVELING enabled is affected. The vulnerability is an out-of-bounds write in the M421 G-code handler that allows an attacker-controlled 32-bit float value to be written past the z_values array bounds by providing crafted X/Y grid indices. This can corrupt adj...

UBUNTU-CVE-2026-52926

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

UBUNTU-CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

EUVD-2026-38729

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadvgwnodefree removes the gateway list entries during mesh teardown, but it does not clear the currently selected gateway. This leaves stale gateway state behind across cleanup...

CVE-2026-52926

The CVE concerns batman-adv in the Linux kernel. During mesh teardown, batadv_gw_node_free() removes gateway list entries but fails to clear the currently selected gateway, leaving stale gateway state that can break a later mesh recreation. The remediation is to clear bat_priv->gw.curr_gw befo...

EUVD-2026-38716

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

CVE-2026-52913

The CVE-2026-52913 issue affects the Linux kernel batman-adv subsystem where, after a batadv_hard_iface is disabled and its mesh_iface becomes NULL, batadv_v_ogm_send_meshif() can still queue OGMs via batadv_v_ogm_queue_on_if() for interfaces that lost their mesh_iface. This leads to a NULL point...

EUVD-2026-38453

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authentication bypass vulnerability that allows unauthenticated attackers to gain administrative access by exploiting a hardcoded AES-256 key used to encrypt session cookies for the web management interface. Attackers can for...

CVE-2026-53488 vulnerabilities

Vulnerabilities for packages: chainctl-fips, envoy-gateway-fips, kube-arangodb-fips, tigera-operator, chainctl, grype, kube-mgmt, kargo, helm-operator, kube-arangodb, headlamp, skaffold-fips, kubescape-server-fips, docker-cli-buildx-fips, steampipe, chaos-mesh-fips, trivy-operator, helmfile,...

GHSA-JPCC-P29G-P8MQ vulnerabilities

Vulnerabilities for packages: chainctl-fips, envoy-gateway-fips, kube-arangodb-fips, tigera-operator, chainctl, grype, kube-mgmt, kargo, helm-operator, kube-arangodb, headlamp, skaffold-fips, kubescape-server-fips, docker-cli-buildx-fips, steampipe, chaos-mesh-fips, trivy-operator, helmfile,...

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: chainctl-fips, envoy-gateway-fips, kube-arangodb-fips, tigera-operator, chainctl, grype, kube-mgmt, kargo, helm-operator, kube-arangodb, headlamp, skaffold-fips, kubescape-server-fips, docker-cli-buildx-fips, steampipe, chaos-mesh-fips, trivy-operator, helmfile,...

CVE-2026-47262 vulnerabilities

Vulnerabilities for packages: chainctl-fips, envoy-gateway-fips, kube-arangodb-fips, tigera-operator, chainctl, grype, kube-mgmt, kargo, helm-operator, kube-arangodb, headlamp, skaffold-fips, kubescape-server-fips, docker-cli-buildx-fips, steampipe, chaos-mesh-fips, trivy-operator, helmfile,...

SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: mesh: Fixed a leak of meshpreqqueue objects The hwmp code uses objects of type meshpreqqueue, which are added to a list in ieee80211ifmesh to track mpath. We need to fix this issue. If the mpath is deleted, the ex...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: fixed a crash in setmeshsync and setmeshcomplete. There is a bug: KASAN: a stack-out-of-bounds issue in setmeshsync, caused by memcpy from a poorly declared on-stack flexible array. Another crash occurs in...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Cancel the mesh send timer when the hdev is removed The meshsenddone timer is not canceled when the hdev is removed, which can cause a crash if the timer triggers after the hdev is gone. Cancel the timer when...