RockyLinux 10 : skopeo (RLSA-2026:19031)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19031 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

CC-Tweaked has an SSRF Protection Bypass with NAT64

Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...

golang security update

An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

RLSA-2026:19135 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to...

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

RockyLinux 10 : buildah (RLSA-2026:19032)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19032 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

CVE-2026-45364

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

CVE-2026-45364 Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

EUVD-2026-33073

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it received in x-forwarded-for or the configured IP-bearing header. IPv6 clients controlling a typical /6...

CVE-2026-47336

Ubuntu Linux 6.8 is affected by a SAUCE patch issue in AppArmor AF_INET/AF_INET6 socket mediation code due to an uninitialized variable, exploitable by an unprivileged local user and potentially causing incorrect fine-grained mediation of network sockets. The CVE description and related documents...

CVE-2026-47336 Use of uninitialized value in Ubuntu Linux AppArmor IPv4/IPv6 socket mediation rules

Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AFINET/AFINET6 socket mediation code. The bug can be triggered by an unprivileged local user and could result in incorrect fine-grained mediation of network sockets...

CVE-2026-45373 CodeWhale: SSRF‌ IPV6 bypass

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in‌‌ URL‌ as http://::1, the SSRF defenses do not work. This vulnerability is fixed in 0.8.26...

CVE-2026-45373

CodeWhale: SSRF bypass in DeepSeek-TUI (CodeWhale via DeepSeek + MiMo) allows http://[::1] to bypass hostname validation prior to 0.8.26. The vulnerability stems from SSRF defenses not handling IPv6 literals correctly, enabling access to internal resources. Affected version is before 0.8.26; reme...

CVE-2026-48688

A flaw was found in FastNetMon Community Edition. Multiple out-of-bounds read vulnerabilities exist within the BGP MPREACHNLRI IPv6 attribute decoder. A remote attacker could exploit these flaws by sending specially crafted BGP messages, which could lead to information disclosure or a denial of...

EUVD-2026-32799

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6rcvencap xfrm6rcvencap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6routeinputlookup returns a referenced dst entry even when the lookup resolves to...

CVE-2026-46099

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

RockyLinux 10 : image-builder (RLSA-2026:13642)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:13642 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 Tenable has extracted the preceding description block directly from the RockyLinux...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: fib6rules: avoided possible NULL dereferencing in fib6ruleaction syzbot is capable of triggering a crash 1, caused by the unsafe use of ip6dstidev. Indeed, ip6dstidev can return NULL, and it must always be checked.1 Oops...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Use the appropriate destructor for IPv6. Previously, only the destructor from the TCP request sock in IPv4 was called, even if the subflow was IPv6. It is important to use the correct destructor to avoid memory leaks with...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket The Dst objects are leaked in ip6negativeadvice, when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that...