CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

RedhatCVE•added 2026/04/30 8:48 p.m.•2 views

CVE-2026-40557

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...

4.8CVSS5.2AI score0.0013EPSS

Exploits0References1

OSV•added 2026/04/27 3:30 p.m.•1 views

GHSA-82FM-WPC2-5PMP Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade

4.8CVSS5.8AI score0.0013EPSS

Exploits0References4

Github Security Blog•added 2026/04/27 3:30 p.m.•3 views

Apache Storm Prometheus Reporter vulnerable to Improper Certificate Validation via Global SSL Context Downgrade

4.8CVSS5.8AI score0.0013EPSS

Exploits0References4Affected Software1

NVD•added 2026/04/27 2:16 p.m.•0 views

CVE-2026-40557

4.8CVSS0.0013EPSS

Exploits0References2

Vulnrichment•added 2026/04/27 1:12 p.m.•0 views

CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections

5.1AI score0.0013EPSS

Exploits0References1

EUVD•added 2026/04/27 1:12 p.m.•0 views

EUVD-2026-25846

5.1AI score0.0013EPSS

Exploits0References1

CVE•added 2026/04/27 1:12 p.m.•12 views

CVE-2026-40557

Summary: CVE-2026-40557 affects Apache Storm Prometheus Reporter (versions 2.6.3–2.8.6). The issue stems from PrometheusPreparableReporter implementing an INSECURE_TRUST_MANAGER and, when storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation is enabled, triggering SSLContext.setDefa...

4.8CVSS5.2AI score0.0013EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/27 1:12 p.m.•26 views

CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections

0.0013EPSS

Exploits0References1

Positive Technologies•added 2026/04/27 12:0 a.m.•2 views

PT-2026-35413

5.1AI score0.0013EPSS

Exploits0References5

CNNVD•added 2026/04/27 12:0 a.m.•4 views

Apache Storm Prometheus Reporter 信任管理问题漏洞

Apache Storm Prometheus Reporter is a monitoring component developed by the Apache Foundation that converts metrics from distributed stream processing systems into Prometheus format. Versions 2.6.3 to 2.8.6 of Apache Storm Prometheus Reporter contain vulnerabilities related to trust management...

4.8CVSS5.8AI score0.0013EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by