3708 matches found
CVE-2026-46303
A flaw was found in the Linux kernel's isofs filesystem. This vulnerability allows a local attacker, by mounting a specially crafted ISO image, to read data beyond the boundaries of the intended ISO 9660 volume. This out-of-bounds read could lead to information disclosure, potentially exposing...
EUVD-2026-38564
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference (volumeId, which may also be a volume name) was forwarded to the runner and used to build the host bind-mount source path without confinement. A...
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: cifs: A connection leak occurs when the tlink setup fails. If the tlink setup fails and connections are lost, then the refcnt leak occurs due to the cifsd kthread not exiting. Additionally, fscache information is also leaked...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: String copying in parse_apply_sb_mount_options was corrected. strncpypad cannot be used to copy a non-NUL-terminated string into a NUL-terminated string of possibly larger size. Commit 0efc5990bca5 "string.h:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid journaling SB updates in case the journal destroys itself. Currently, we always encounter a BUG_ON issue when attempting to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen...
Astra Linux – Vulnerability in cifs-utils
It was discovered that cifs-utils’ mount.cifs function invoked a shell when requesting the Samba password, which could be exploited to inject arbitrary commands. An attacker who had special permissions, such as those through sudo rules, could use this vulnerability to escalate their privileges...
Astra Linux – Vulnerability in docker.io-app
BuildKit is a toolkit for converting source code into build artifacts in an efficient, expressive, and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could exploit a feature that removes empty files created for the mountpoints, causing the file to be removed from...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: jfs_dmap: Validate db_l2nbperpage during mounting. In jfs_dmap.c, on line 381, BLKTODMAP is used to obtain a logical block number within dbFree. db_l2nbperpage, which is the log2 of the number of blocks per page, is passed as an...
Astra Linux – Vulnerability in Flatpak
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app that used persistent directories could access and write files outside of its usual access rights, which constituted an attack on integrity and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fuse: Abort on fatal signal during sync init. When sync init is used and the server exits for some reason (e.g., error, crash), the filesystem creation will hang during the processing of FUSE_INIT. The reason for this issue is that...
CVE-2026-47833
setupBpmLogs follows symlink for bpm.log open and chown — container-to-host privilege escalation via /etc/shadow. A compromised process inside a bpm container can cause root to chown an arbitrary host file to vcap and append bpm JSON log lines to it. The chown alone lets the attacker take ownersh...
SUSE CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
PT-2026-50158
Name of the Vulnerable Software and Affected Versions: Hugo versions 0.123.0 through 0.161.1. Description: A regression in the virtual filesystem allows a symlink confinement bypass. The RootMappingFs.statRoot function calls Stat, which follows symlinks, instead of Lstat. This allows a direct lookup...
Linux Distros Unpatched Vulnerability : CVE-2026-41568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...
Linux Distros Unpatched Vulnerability : CVE-2026-42306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version...
TYPO3 CMS: Destructive Actions on File Mount Folders
Problem: Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. Solution: Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...
EUVD-2026-35392
TYPO3 CMS: Destructive Actions on File Mount Folders...