EUVD-2026-36255

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7461-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7461-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

EUVD-2026-36113

Weblate is a web based localization tool. From version 5.15 to before version 2026.6, Weblate's VCSRESTRICTPRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

FreeBSD-SA-26:29.ip6_multicast

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:29.ip6multicast Security Advisory The FreeBSD Project Topic: Use-after-free bug in the IPV6MSFILTER socket option handler Category: core Module: ip6multicast...

CVE-2026-49494

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value taken from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validating it, so...

CVE-2026-49494 Comodo Internet Security Inspect.sys IPv6 Integer Underflow Remote Denial of Service

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value taken from the IPv6 fixed header's payload length field by the size of each IPv6 extension header without validating it, so...

CVE-2026-8369

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

CVE-2026-47674

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

CVE-2026-47674

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware hono/ip-restriction compares incoming IP addresses against configured deny and allow rules using string equality after partial normalization. Non-canonical IPv6...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

CVE-2026-46172

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6rcvencap xfrm6rcvencap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6routeinputlookup returns a referenced dst entry even when the lookup resolves to...

CVE-2026-45850

A flaw was found in the Linux kernel's IP Virtual Server IPVS component. A remote attacker could send specially crafted IPv6 packets with extension headers, causing the system to fail protocol checksum validation. This could lead to incorrect packet processing or a denial of service DoS, impactin...

Better Auth 安全漏洞

Better Auth is an open-source TypeScript framework for authentication. Versions of Better Auth prior to 1.4.17 and 1.5.0-beta.9 contained security vulnerabilities. These vulnerabilities stemmed from the HTTP rate limiter, which keyed each request based on the exact text IP address in the...

CVE-2026-45850 ipvs: skip ipv6 extension headers for csum checks

In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers before the protocol header. iph-len already contains its offset, so use it to fix the problem...

PT-2026-43967

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Linux kernel network subsystem. The functions seg6 input core and rpl input call ip6 route input, which assigns a NOREF destination dst to the socket...

RLSA-2026:13671 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score,...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

The IPv6 implementation in the Linux kernel before version 6.3 has a maxsize threshold in the net/ipv6/route.c file that can be easily exceeded. This can lead to a denial of service condition, where the network becomes unreachable, resulting in errors when IPv6 packets are sent through a raw sock...