4203 matches found

Cvelist
added 2026/05/08 2:21 p.m., 27 views

CVE-2026-43391 nsfs: tighten permission checks for handle opening

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS, 0.00017 EPSS
Exploits 0, References 2
Debian CVE
added 2026/05/08 2:21 p.m., 4 views

CVE-2026-43391

In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening. Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces helper...

8.8 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits 0
CVE
added 2026/05/08 2:21 p.m., 12 views

CVE-2026-43390

The CVE-2026-43390 issue affects the Linux kernel nstree component, where listing permissions were tightened so that even privileged services may not be allowed to view other privileged namespaces. The root cause is insufficient information isolation between namespaces; the kernel now uses may_se...

5.5 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/05/08 12:0 a.m., 3 views

i18next-http-middleware path traversal vulnerability

i18next-http-middleware is an open-source HTTP internationalization middleware for Node.js and Deno by i18next. Versions of i18next-http-middleware prior to version 3.9.3 contained a path traversal vulnerability. This vulnerability stemmed from the lack of cleaning user-controlled lng and ns...

8.2 CVSS, 5.8 AI score, 0.00021 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/08 12:0 a.m., 7 views

PT-2026-39052

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the nsfs component where permission checks for handle opening are insufficiently restrictive. This allows privileged services to potentially see namespaces of other...

8.8 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 6
CNNVD
added 2026/05/08 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from lax permission checks for the nstree function. This vulnerability could allow privileged services...

5.5 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/08 12:0 a.m., 4 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of the unshare_fs function in the unshare component when combined with CLONE_NEWN...

5.5 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 1
Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-39064

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: Insufficient permission checks in the nsfs namespace filesystem for namespace iteration ioctls allow privileged services to potentially see namespaces of other privileged services, which...

8.8 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 7
CNNVD
added 2026/05/08 12:0 a.m., 5 views

i18next-locize-backend path traversal vulnerability

i18next-locize-backend is an open-source plugin for internationalization resource loading and key storage by locize. Versions of i18next-locize-backend prior to 9.0.2 had a path traversal vulnerability. This vulnerability arises from directly inserting lng, ns, projectId, and version into the URL...

6.5 CVSS, 5.8 AI score, 0.00072 EPSS
Exploits 0, References 1
Tenable Nessus
added 2026/05/08 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-43403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nsfs: tighten permission checks for ns iteration ioctls. Even privileged services should not necessarily be able to see other privileged service's namespaces so...

8.8 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 3
Tenable Nessus
added 2026/05/08 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unshare: fix unshare_fs handling. There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and current->fs hadn't been shared at all; in...

5.5 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-39051

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the nstree component where permission checks for listing are insufficient. This allows privileged services to potentially see namespaces of other privileged services,...

5.5 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 13
CNNVD
added 2026/05/08 12:0 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from lax permission checks for the nsfs mechanism. This vulnerability could allow privileged services ...

8.8 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/08 12:0 a.m., 5 views

PT-2026-39231

Name of the Vulnerable Software and Affected Versions: External Secrets Operator versions prior to 2.4.1. Description: A user with permissions to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes automatically populates with a long-lived token for a specified...

4.9 CVSS, 5.8 AI score, 0.00007 EPSS
Exploits 0, References 6
CNNVD
added 2026/05/08 12:0 a.m., 22 views

i18next-fs-backend path traversal vulnerability

i18next-fs-backend is an open-source backend layer developed by i18next for Node.js and Deno environments. It is used to load translation resources from the file system. Versions of i18next-fs-backend prior to 2.6.4 contained a path traversal vulnerability. This vulnerability arises from directly...

8.2 CVSS, 5.8 AI score, 0.00057 EPSS
Exploits 0, References 2
EUVD
added 2026/05/07 8:9 p.m., 5 views

EUVD-2026-28438

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

6.5 CVSS, 5.8 AI score, 0.00111 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/07 8:9 p.m., 27 views

CVE-2026-41691 i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

6.5 CVSS, 0.00111 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/05/07 8:9 p.m., 5 views

CVE-2026-41691 i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL templat...

6.5 CVSS, 5.8 AI score, 0.00111 EPSS
Exploits 0, References 2
CVE
added 2026/05/07 8:9 p.m., 19 views

CVE-2026-41691

CVE-2026-41691 affects the i18next-http-backend package. Prior to version 3.0.5, the code interpolated the languages (lng) and namespaces (ns) into loadPath/addPath URL templates without proper encoding or sanitisation, allowing an attacker-controlled language input to alter URL structure and per...

9.1 CVSS, 5.8 AI score, 0.00111 EPSS
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2026/05/07 3:2 a.m., 10 views

ShellHub has cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check

Summary: `GET /api/namespaces/:tenant` returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own tenant scope. The handler conditionally skips the...

6.5 CVSS, 5.8 AI score, 0.0004 EPSS
Exploits 1, References 3, Affected Software 1