CLEANSTART-2026-GZ35045 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-gx3x-vq4p-mhhv, ghsa-hr2v-4r36-88hr, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2, ghsa-pjcq-xvwq-hhpj applied in versions: 2.4.0-r1, 2.4.0-r2, 2.4.0-r3

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: rancher-machine, apisix-ingress-controller, dex, chart-testing, aws-application-networking-k8s, s5cmd, grafana-operator, gcsfuse, gitsign, http-echo, cri-tools, sftpgo-plugin-pubsub, dbmate, amass, promxy, tailscale, kyverno-notation-aws, cert-exporter, kafkaexporter...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: rancher-machine, apisix-ingress-controller, dex, chart-testing, aws-application-networking-k8s, s5cmd, grafana-operator, gcsfuse, gitsign, http-echo, cri-tools, sftpgo-plugin-pubsub, dbmate, amass, promxy, tailscale, kyverno-notation-aws, cert-exporter, kafkaexporter...

CLEANSTART-2026-OL32822 Security fixes for CVE-2024-36537, CVE-2025-47910, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2026-25518, ghsa-gx3x-vq4p-mhhv applied in versions: 2.4.0-r1, 2.4.0-r2

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-dynamodb, crossplane-provider-keycloak, crossplane-provider-azure-authorization, docker, wal-g, pulumi-language-yaml, trufflehog, crossplane-provider-aws-iam, zot, gitsign, pulumi, kubevela, atlantis, crossplane-provider-aws-rds,...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-dynamodb, crossplane-provider-keycloak, crossplane-provider-azure-authorization, docker, wal-g, pulumi-language-yaml, trufflehog, crossplane-provider-aws-iam, zot, gitsign, pulumi, kubevela, atlantis, crossplane-provider-aws-rds,...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: sops, rancher-fleet-fips, gitlab-runner, flux-fips, argocd-image-updater, helm-diff-fips, chainctl, gptscript, crossplane-provider-aws-ecr, gitlab-operator-fips, grype, flux-notification-controller, hydra, pulumi-language-dotnet, crossplane-provider-aws-sqs-fips,...

CVE-2026-25518 vulnerabilities

Vulnerabilities for packages: mariadb-operator-fips, percona-server-mongodb-operator, cert-manager-csi-driver, cert-manager-openshift-routes-fips, cert-manager-webhook-pdns, gitlab-operator-fips, percona-xtradb-cluster-operator, cert-manager-webhook-pdns-fips, cert-manager-istio-csr-fips,...

CVE-2026-25518 vulnerabilities

Vulnerabilities for packages: cert-manager-webhook-pdns, mariadb-operator, cert-manager-cmctl, percona-server-mongodb-operator, aws-privateca-issuer, cert-manager-istio-csr, cert-manager-csi-driver, opentelemetry-operator, step-issuer...

GHSA-GX3X-VQ4P-MHHV vulnerabilities

Vulnerabilities for packages: cert-manager-webhook-pdns, mariadb-operator, cert-manager-cmctl, percona-server-mongodb-operator, aws-privateca-issuer, cert-manager-istio-csr, cert-manager-csi-driver, opentelemetry-operator, step-issuer...

GHSA-G9Q4-QJX4-2V7Q vulnerabilities

Vulnerabilities for packages: terraform-provider-pagerduty, aactl, aws-flb-kinesis, helm-set-status, kubernetes-dashboard-api, argo-cd, kube-arangodb, ferretdb, prometheus, xeol, k3s, redka, redis-operator, kubernetes-dashboard, flux-notification-controller, nerdctl, terraform, timoni,...

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: rancher-machine, crossplane-provider-aws-dynamodb, kubernetes-dashboard-api, rancher-system-agent, kapp-controller, ferretdb, kuma, dex, chart-testing, s5cmd, modelmesh-runtime-adapter, crossplane-provider-aws-iam, grafana-operator, manifest-tool,...

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: rancher-machine, docker, kapp-controller, dex, chart-testing, s5cmd, crossplane-provider-aws-iam, grafana-operator, http-echo, cri-tools, sftpgo-plugin-pubsub, cluster-api-gcp-controller, dbmate, amass, spegel, octo-sts, paranoia, rancher-telemetry,...

GHSA-CM6P-QC7V-M3JW vulnerabilities

Vulnerabilities for packages: rancher-machine, docker, kapp-controller, dex, chart-testing, s5cmd, crossplane-provider-aws-iam, grafana-operator, http-echo, cri-tools, sftpgo-plugin-pubsub, cluster-api-gcp-controller, dbmate, amass, spegel, octo-sts, paranoia, rancher-telemetry,...

GHSA-GM9R-Q53W-2GH4 vulnerabilities

Vulnerabilities for packages: rancher-machine, crossplane-provider-aws-dynamodb, kubernetes-dashboard-api, rancher-system-agent, kapp-controller, ferretdb, kuma, dex, chart-testing, s5cmd, modelmesh-runtime-adapter, crossplane-provider-aws-iam, grafana-operator, manifest-tool,...

GHSA-GR56-3GP6-6GMJ vulnerabilities

Vulnerabilities for packages: rancher-machine, crossplane-provider-aws-dynamodb, nri-rabbitmq, kubernetes-dashboard-api, rancher-system-agent, kapp-controller, ferretdb, kuma, ctop, dex, chart-testing, s5cmd, modelmesh-runtime-adapter, crossplane-provider-aws-iam, grafana-operator, manifest-tool,...

CLEANSTART-2026-OH86281 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CLEANSTART-2026-LL43287 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CLEANSTART-2026-EJ58111 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

CVE-2024-12401 vulnerabilities

Vulnerabilities for packages: cert-manager-webhook-pdns, cert-manager-cmctl, aws-privateca-issuer, cert-manager-istio-csr, cert-exporter, step-issuer...