FlexRIC security vulnerabilities

FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. Version FlexRIC v2.0.0 contains a security vulnerability. This vulnerability arises from the fact that when the lookup function returns NULL, the assert function during debugging builds triggers a SIGABRT, or in release...

SUSE CVE-2026-46026

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...

CVE-2026-45983

A flaw was found in the Linux kernel's Network File System version 4 NFSv4 daemon nfsd. When processing NFSv4 requests, delayed responses from idmap lookups can cause requests to be dropped. This issue prevents the session slot from being properly cleared, leading to subsequent client requests...

CVE-2026-46099

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

CVE-2026-46026

The CVE-2026-46026 issue affects Linux kernel net: qrtr: ns, where the code previously did not bound the number of lookups a client could perform. A malicious local client could flood NEW_LOOKUP messages on the same socket despite local restrictions. The fix limits the maximum lookups to 64 globa...

CVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookups

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum number of lookups Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from issues with seg6 and rpl lwtunnels when handling NOREF dst; these vulnerabilities allow concurren...

CVE-2026-46026

net: qrtr: ns: Limit the maximum number of lookups...

PT-2026-43893

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description The net:qrtr:ns component lacks bound checking on the number of lookups a client can perform. A malicious local client could...

CVE-2026-47728 Bugsink: Project scoping missing in sourcemap and debug-file lookup

Bugsink is a self-hosted error tracking tool. Prior to 2.2.0, Bugsink resolved sourcemaps and debug files by debug ID without scoping that lookup to the project that owned the uploaded metadata. An authenticated user with access to one project could cause event processing in that project to use...

Unity Linux 20.1070e Security Update: mx4j (UTSA-2026-016744)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016744 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1070e Security Update: jgroups (UTSA-2026-016713)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016713 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: datanucleus-rdbms (UTSA-2026-016721)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016721 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1060e / 20.1070e Security Update: avalon-logkit (UTSA-2026-016681)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016681 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1060e / 20.1070e Security Update: mybatis (UTSA-2026-016669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016669 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1060e / 20.1070e Security Update: avalon-framework (UTSA-2026-016685)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016685 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016696)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016696 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016702)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016702 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1070e Security Update: HikariCP (UTSA-2026-016726)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016726 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1060e / 20.1070e Security Update: wildfly-elytron (UTSA-2026-016677)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016677 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...