EUVD-2026-39856

In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...

CVE-2026-53321

CVE-2026-53321 : In the Linux kernel, the io_uring/napi path was missing a cap on the maximum polling time when no events are found. The issue arises from napi potentially polling for longer than reasonable times, leading to task stagnation without conditional rescheduling. A fix caps the total b...

EUVD-2026-39343

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...

CVE-2026-53138

The CVE affects the Linux kernel’s drm/amd/display path. A malformed VBIOS image could cause unbounded iteration during probe due to for(;;) record-chain walks in bios_parser.c/bios_parser2.c, terminating only on a 0xFF sentinel or a zero record_size. In worst cases, this could loop hundreds of t...

CVE-2026-53075

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

CVE-2026-53075

The CVE-2026-53075 issue affects the Linux kernel PPP subsystem. A local unprivileged user can create a new user namespace (CLONE_NEWUSER), obtain CAP_NET_ADMIN only in that namespace, and still perform unattached PPP administrative IOCTLs (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) against an i...

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

CVE-2026-56280

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

CVE-2026-56221

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

CVE-2026-56280 Cap-go - Privilege Inversion in Build Log Stream via SSE Disconnect

Cap-go before 12.128.2 contains a privilege inversion vulnerability in GET /build/logs/:jobId that allows read-only API key holders to cancel running native builds. The endpoint registers an abort listener on the SSE stream that unconditionally invokes cancelBuildOnDisconnect using the privileged...

CVE-2026-56280

Cap-go contains a privilege inversion in the /build/logs/:jobId SSE handling prior to version 12.128.2. An abort listener on the SSE stream unconditionally calls cancelBuildOnDisconnect() using the server-side BUILDER_API_KEY, bypassing the app.build_native permission check required by POST /buil...

CVE-2026-56221 Cap-go - SQL Injection in Cloudflare Analytics Engine Queries via cloudflare.ts

Cap-go before 12.128.2 contains multiple SQL injection vulnerabilities in cloudflare.ts where user-controlled values from API request bodies are interpolated directly into SQL query strings without sanitization or parameterization. Authenticated users with read-level API key permissions can injec...

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

CVE-2026-56316

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs by observing response discrepancies. Attackers can probe without authentication to distinguish valid job ...

CVE-2026-56316 Cap-go - Job Existence Oracle via Unauthenticated OPTIONS /build/upload/:jobId/*

Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/ endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers can probe the endpoint without authentication to...

CVE-2026-56307 Cap-go - Broken Cursor Pagination in /private/devices Endpoint

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

CVE-2026-56307

Cap-go before 12.128.12 has a broken cursor pagination vulnerability in the /private/devices endpoint of the Cloudflare/workerd path. Authenticated attackers with app.read_devices can exploit non-advancing cursor filters to trigger infinite pagination loops, causing duplicate pages and making lat...

PT-2026-51149

Name of the Vulnerable Software and Affected Versions capgo versions prior to 12.128.2 Description An authorization bypass exists in several Supabase PostgREST RPC functions: get app metrics, get global metrics, and get total metrics. These functions are granted to the anon role without enforcing...