CVE-2026-42856 Network-AI: Missing authentication on MCP HTTP endpoint allows unauthenticated privileged tool calls

Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and dispatches them directly to the orchestrator's tool registry. The default bind address is 0.0.0.0. ...

RHSA-2026:15890 Red Hat Security Advisory: bind security update

Bulletin has no description...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

Unity Linux 20.1060e / 20.1070e Security Update: bind (UTSA-2026-017654)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017654 advisory. In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release...

RHEL 8 : bind (RHSA-2026:16060)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16060 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

Unity Linux 20.1060e / 20.1070e Security Update: bind (UTSA-2026-017660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017660 advisory. In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND 9 Supported Preview Edition, as...

Unity Linux 20.1060e / 20.1070e Security Update: bind (UTSA-2026-017490)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017490 advisory. In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versio...

RHEL 8 : bind (RHSA-2026:16064)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:16064 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

RHEL 8 : bind (RHSA-2026:15890)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:15890 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named %NASLMINLEVEL...

Unity Linux 20.1060e / 20.1070e Security Update: bind (UTSA-2026-017624)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017624 advisory. BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default setting...

SUSE CVE-2026-43138

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppre...

CVE-2026-43422

A flaw was found in the Linux kernel's USB legacy NCM Network Control Model driver. This vulnerability occurs due to a NULL pointer dereference in the gncmbind function, where the driver attempts to access a network device netdevice before it has been fully initialized. An attacker could...

CVE-2026-42302

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution RCE. The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...

GHSA-2R4P-JPMG-48F4 Open WebUI has an LDAP Empty Password Authentication Bypass

LDAP Empty Password Authentication Bypass Affected Component LDAP authentication endpoint: - backend/openwebui/routers/auths.py lines 468-477, user bind with empty password - backend/openwebui/models/auths.py lines 58-60, LdapForm model Affected Versions Current main branch commit 6fdd19bf1 and...

EUVD-2026-28728

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

UBUNTU-CVE-2026-43422

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

UBUNTU-CVE-2026-43421

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

CVE-2026-43422 usb: legacy: ncm: Fix NPE in gncm_bind

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncmbind Commit 56a512a9b410 "usb: gadget: fncm: align netdevice lifecycle with bind/unbind" deferred the allocation of the netdevice. This change leads to a NULL pointer dereference in the legacy NCM...

CVE-2026-43422

In CVE-2026-43422, the Linux kernel USB legacy NCM driver had a NULL pointer dereference in gncm_bind caused by deferring net_device allocation. The fix defers allocation until later in the binding process and stores qmult, host_addr, and dev_addr into ncm_opts->net_opts during gncm_bind so th...