GHSA-33VJ-92QQ-66HC containerd CRI checkpoint restore CDI annotation smuggling

Impact containerd's CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a checkpoint, containerd preserves CDI-related annotations from the checkpoint archive...

GHSA-RGH6-RFWX-V388 Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

GHSA-CVXM-645Q-P574 containerd: CRI checkpoint import allows local image tag poisoning

Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...

Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “f2fs: block cache/dio write during f2fsenablecheckpoint”. This revert commits 196c81fdd438f7ac429d5639090a9816abb9760a. The original patch might cause a deadlock; revert it. write remount - writebegin - lockpage --- lock ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: jbd2: Prevent softlockup in jbd2logdocheckpoint. Both jbd2logdocheckpoint and jbd2journalshrinkcheckpointlist periodically release the jlistlock after processing a batch of buffers to avoid long hold times on the jlistlock...

PT-2026-50900

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.3.2 containerd versions prior to 2.2.5 containerd versions prior to 2.1.9 containerd versions prior to 2.0.10 containerd versions prior to 1.7.33 Description The CRI checkpoint import process fails to validate...

PT-2026-51057

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description A bug in the CRI plugin allows the restoration of container.log from a checkpoint image without validating a symlinked path...

PT-2026-51058

Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description The CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image...

CVE-2026-47750

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode...

CVE-2026-47747

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode...

CVE-2026-48775

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct Python objects from JSON checkpoint payloads. Under conditions where someone could modify...

CVE-2026-47748

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing. The pickle .ckpt...

CVE-2026-47749

stable-diffusion.cpp is a pure C/C++ library for running diffusion model Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORTBINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...

CVE-2026-47750

The CVE-2026-47750 issue affects stable-diffusion.cpp in its pickle (.ckpt) parser (src/model.cpp). A heap buffer overflow occurs in the GLOBAL opcode handler due to missing validation while locating newline-delimited fields; a crafted .ckpt from an untrusted source can cause the parser to copy w...

CVE-2026-48775

LangGraph SQLite Checkpoint (JsonPlusSerializer) is vulnerable in 4.1.0 and earlier due to unsafe deserialization of JSON checkpoint payloads. If an unauthorized party can modify checkpoint bytes at rest in the backing store, the deserialization path could reconstruct objects beyond what the appl...

CVE-2026-47749

The CVE-2026-47749 entry concerns stable-diffusion.cpp, a C/C++ library for diffusion-model inference. A flaw in the pickle .ckpt parser (src/model.cpp) allows a heap buffer overflow in SHORT_BINUNICODE handling due to sign confusion on the opcode length field. A crafted untrusted .ckpt file coul...

CVE-2026-47748

CVE-2026-47748 affects stable-diffusion.cpp (C/C++ library) prior to master-584-0a7ae07. The root cause is out-of-bounds reads in the PyTorch checkpoint pickle opcode parsing in src/model.cpp, where the parser sometimes advances buffer positions without validating remaining input, allowing reads ...

Check Point Quantum Gateway - Information Disclosure

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. id: CVE-2024-24919 info: name: Check Poi...

GHSA-98XF-R82G-9MHX LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...