CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

SUSE CVE•added 2026/01/14 12:24 a.m.•1 views

SUSE CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.8CVSS7.2AI score0.00014EPSS

Exploits1References6

RedhatCVE•added 2026/01/13 10:52 p.m.•1 views

CVE-2026-22772

A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions regex in the metaRegex function. This vulnerability could lead to Server-Side Request Forger...

5.8CVSS5.3AI score0.00014EPSS

Exploits1References5

OSV•added 2026/01/13 6:47 p.m.•1 views

GHSA-59JP-PJ84-45MR Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

Security Disclosure: SSRF via MetaIssuer Regex Bypass Summary Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. T...

5.8CVSS7AI score0.00014EPSS

Exploits1References4

Github Security Blog•added 2026/01/13 6:47 p.m.•8 views

Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

5.8CVSS7.1AI score0.00014EPSS

Exploits1References4Affected Software1

Tenable Nessus•added 2026/01/13 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses...

5.8CVSS7AI score0.00014EPSS

Exploits1References4

NVD•added 2026/01/12 9:15 p.m.•3 views

CVE-2026-22772

5.8CVSS0.00014EPSS

Exploits1References2

OSV•added 2026/01/12 9:15 p.m.•1 views

UBUNTU-CVE-2026-22772

5.8CVSS6.9AI score0.00014EPSS

Exploits1References4

UbuntuCve•added 2026/01/12 9:15 p.m.•2 views

CVE-2026-22772

5.8CVSS6.9AI score0.00014EPSS

Exploits1References3

CVE•added 2026/01/12 8:58 p.m.•16 views

CVE-2026-22772

Fulcio (OIDC code-signing CA) prior to 1.8.5 uses an unanchored regex in metaRegex(), allowing an attacker to bypass MetaIssuer URL validation and trigger Server-Side Request Forgery (SSRF) to internal services. The vulnerability can enable blind SSRF probes to internal networks or services reach...

5.8CVSS6.8AI score0.00014EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/01/12 8:58 p.m.•17 views

CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

5.8CVSS0.00014EPSS

Exploits1References2

Vulnrichment•added 2026/01/12 8:58 p.m.•4 views

CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

5.8CVSS6.8AI score0.00014EPSS

Exploits1References2

CNNVD•added 2026/01/12 12:0 a.m.•0 views

Fulcio 代码问题漏洞

Fulcio is a certificate authority open-sourced by sigstore. A code issue vulnerability exists in Fulcio versions prior to 1.8.5 that stems from the use of unanchored regular expressions for MetaIssuer URL validation, which could lead to bypassing validation and triggering a blind SSRF attack...

5.8CVSS6.7AI score0.00014EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by