GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

Why Encrypted File Sharing Is Essential for Modern Businesses

Consider the history of any recent corporate scandal, and it is quite possible to guess what the story…...

CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

8.19.16, 9.3.5 Security Update (ESA-2026-33)

Operation on a Resource after Expiration or Termination in Kibana Leading to Unauthorized File Access Operation on a Resource after Expiration or Termination CWE-672 in Kibana can lead to unauthorized information disclosure. A logic error in how expiration timestamps were validated allowed a...

Gladinet Triofox 安全漏洞

Gladinet Triofox is an enterprise file sharing and remote access platform developed by the American company Gladinet. There is a security vulnerability in Gladinet Triofox, which stems from the WOSSysInfoGetDeviceInterface function returning a null pointer without proper checking. This could lead...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: cifs: fixed the session state check when reconnecting to avoid a use-after-free issue. Do not collect the exiting session in smb2reconnectserver; this session will be released soon. Note that the exiting session will remain in...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the closetimeo mount option. The user-provided closetimeo mount parameter, of type u32, is intended to have an upper limit. However, before this limit is validated, the value...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the acregmax mount option. The user-provided mount parameter acregmax, of type u32, is intended to have an upper limit. However, before this value is validated, it is convert...

Authorization bypass in approval feature allows unauthorized file sharing with approvers

None...

PT-2026-40332

Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and password to skip the second-factor authentication TOTP requirement entirely. Although, an attacker...

CVE-2026-43215

The CVE-2026-43215 issue affects the Linux kernel CIFS implementation: the code used cifs_tcp_ses_lock to guard tcon fields, but this lock protected more than intended. The patch introduces more granular locking (tc_lock) within tcon-related structures (in addition to srv_lock and ses_lock) to re...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed UAF in smb2reconnectserver The UAF bug occurs because smb2reconnectserver accesses a session that is already being torn down by another thread that is executing cifsputsmbses. This can happen when a the clie...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to cifssfumakenode without checks, which passes it unchecked to cifsstrnduptoutf16, which in turn passes ...

Astra Linux - уязвимость в linux-5.15, linux-6.1

A flaw was discovered in the handling of SMB2 read requests within the kernel’s ksmbd module. The issue arises due to the lack of proper validation of user-provided data, which can lead to reading data beyond the end of an allocated buffer. An attacker can exploit this vulnerability to disclose...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. Reproducer: mount.cifs -o ...,seal,esize=1 //srv/share /mnt dd if=/mnt/largefile...

CVE-2026-31710

CVE-2026-31710 — Linux kernel CIFS SMB1 UNIX mounts: A fix addresses incorrect dir separators caused by not updating @cifs_sb->mnt_cifs_flags after reset_cifs_unix_caps() when mounting SMB1 UNIX shares. The root cause is that the POSIX ACLs/paths flags (CIFS_MOUNT_POSIXACL, CIFS_MOUNT_POSIX_PA...

CVE-2026-31693

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

EUVD-2026-26367

In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify the start of the code where a request can be replayed if necessary. However, some of these places were missing the necessary...

Linux Distros Unpatched Vulnerability : CVE-2026-31476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: do not expire session on binding failure When a multichannel session binding request fails e.g. wrong password, the error path unconditionally sets...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011392 advisory. A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local...