NVIDIA KAI Scheduler 安全漏洞

NVIDIA KAI Scheduler is an AI-based computing task scheduling system developed by NVIDIA Corporation. There is a security vulnerability in NVIDIA KAI Scheduler, which stems from cross-namespace Pod references leading to improper authorization, potentially resulting in data tampering...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

PT-2026-33998

NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011151)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011151 advisory. In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent %NASLMINLEVEL...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012986)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012986 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010880)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010880 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smcinit In smcinit,...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013275 advisory. net/netfilter/nfconntrackstandalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011032)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011032 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in allocns After changes in commit a1bd627b46d1 apparmor: share profile nam...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013085)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013085 advisory. In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent %NASLMINLEVEL...

CVE-2026-3605

A flaw was found in Vault. An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write. This vulnerability can lead to a denial-of-service by allowing the deletion of critical data. It does not permit ...

CVE-2026-21726

A flaw was found in Loki. A remote attacker can exploit a path traversal vulnerability by using double encoding on the namespace parameter after a single URL decode. This allows the attacker to read arbitrary files at the Ruler API endpoint, leading to information disclosure...

SUSE CVE-2026-21726

The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/namespace Thanks to Prasanth Sundararajan for reporting this vulnerability...

CVE-2026-3605

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007411 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ipvsftp unregister during netns cleanup On the netns cleanup path, ipvsftpexit may...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007512)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007512 advisory. In the Linux kernel, the following vulnerability has been resolved: ppp: associate skb with a device at tx Syzkaller triggered flow dissector warning with the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007381)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007381 advisory. In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent %NASLMINLEVEL...

Linux Distros Unpatched Vulnerability : CVE-2026-21726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files ...

GHSA-CVQ5-HHX3-F99P Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

Summary CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the configMap.namespace field accepts any namespace with zero validation, allowing a namespace...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the ConfigMap context loader due to missing validation of the namespace value. An attacker can access sensitive data from ConfigMaps in unauthorized namespaces by creating a policy that references another...

Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)

Summary CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the configMap.namespace field accepts any namespace with zero validation, allowing a namespace...