Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/16 1:57 a.m.17 views

CVE-2026-44592

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.31 views

CVE-2026-44592

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:39 p.m.58 views

CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:39 p.m.29 views

EUVD-2026-30365

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:39 p.m.3 views

CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS6.1AI score0.00157EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 6:39 p.m.29 views

CVE-2026-44592

Gradient is a nix-based CI system. In version 1.1.0, when GRADIENT_DISCOVERABLE=true (default), an unauthenticated actor that can reach /proto can register as a worker using a fresh UUID. The resulting session is PeerAuth::Open, allowing access to jobs from any organization, and can immediately N...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41018

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT DISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...

9.4CVSS5.9AI score0.00157EPSS
Exploits0References2
Rows per page
Query Builder