854 matches found
CVE-2026-63810
In the Linux kernel, the following vulnerability has been resolved: block: Avoid mounting the bdev pseudo-filesystem in userspace The bdev pseudo-filesystem is an internal kernel filesystem with which userspace should not interfere. Unregister it so that userspace cannot even attempt to mount it...
CVE-2026-14891 Nomad vulnerable to sandbox escape in Docker task driver
HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...
Nomad vulnerable to sandbox escape in Docker task driver
Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This...
Fedora 45 : cifs-utils (2026-90dbff48ca)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-90dbff48ca advisory. Automatic update for cifs-utils-7.6-2.fc45. Changelog Mon Jul 6 2026 Paulo Alcantara - 7.6-2 - cifs.upcall: fix regression with kerberos mounts - Resolves:...
DEBIAN-CVE-2026-58403
Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...
USN-8496-2 cifs-utils regression
USN-8496-1 fixed a vulnerability in cifs-utils. Unfortunately, the fix introduced a regression with Kerberos mounts. This update reverts the security update until a complete fix is available. We apologize for the inconvenience. Original advisory details: It was discovered that cifs-utils...
USN-8496-2: cifs-utils regression
USN-8496-1 fixed a vulnerability in cifs-utils. Unfortunately, the fix introduced a regression with Kerberos mounts. This update reverts the security update until a complete fix is available. We apologize for the inconvenience. Original advisory details: It was discovered that cifs-utils...
CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...
CVE-2026-6556
@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths arrays of paths and regular expressions are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms doe...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: erofs: fixed the UAF issue for file-backed mounts with the directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereadIter+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that extend beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...
GHSA-C3WQ-J5VH-68RC Hugo: Symlink confinement bypass in os.ReadFile
Affected versions: v0.123.0 through v0.163.0. Earlier versions are not affected. Fixed in: v0.163.1. Severity: Medium. Requires the attacker to be able to place or convince a site author to place a symlink inside a mounted directory — for example, inside a locally-vendored theme under themes/...
PT-2026-51058
Name of the Vulnerable Software and Affected Versions containerd versions prior to 2.1.9 containerd versions prior to 2.2.5 containerd versions prior to 2.3.2 Description The CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image...
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
GHSA-3V8V-4WG6-R7QH TYPO3 CMS: Destructive Actions on File Mount Folders
Problem Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS,...
EUVD-2026-35392
TYPO3 CMS: Destructive Actions on File Mount Folders...
DEBIAN-CVE-2026-42306
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
EUVD-2026-35399
TYPO3 CMS has Broken Access Control in Backend API...
CVE-2026-42306
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
CVE-2026-47352
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...