GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation

Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...

EUVD-2026-11304

Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017726 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

Unity Linux 20.1060e / 20.1070e Security Update: xterm (UTSA-2026-017637)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017637 advisory. xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service segmentation fault via a crafted UTF-8 combining character...

Unity Linux 20.1070e Security Update: jetty (UTSA-2026-017674)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017674 advisory. In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's...

Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017439)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017439 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily exploitable...

Unity Linux 20.1060e / 20.1070e Security Update: fetchmail (UTSA-2026-017438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017438 advisory. Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Tenable has extracted...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pygments (UTSA-2026-017493)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017493 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponentia...

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017430)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017430 advisory. The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The obje...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017789)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017789 advisory. HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...

Unity Linux 20.1060e / 20.1070e Security Update: aspell (UTSA-2026-017553)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017553 advisory. libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. Tenable has...

Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017532 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into...

Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017619 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017598 advisory. There are 4 places in HistogramCompare in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values...

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017509 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017471 advisory. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. Tenable has extracted the preceding...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017586)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017586 advisory. A possible information disclosure / unintended method execution vulnerability in Action Pack = 2.0.0 when using the redirectto or polymorphicurlhelper with untrusted...

Unity Linux 20.1070e Security Update: ImageMagick (UTSA-2026-017464)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017464 advisory. ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and...

Unity Linux 20.1060e / 20.1070e Security Update: libsndfile (UTSA-2026-017615)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017615 advisory. A heap buffer overflow vulnerability in msadpcmdecodeblock of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. Tenable has...