CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

CVE-2026-33726

CVE-2026-33726 is linked to a Cilium L7 proxy issue where Kubernetes NetworkPolicies are bypassed for same-node traffic to L7 services with a local backend when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Affected: Cilium 1.19.x (v1.19.0–v1.19.1), 1.18.x (v1.18.0–v1.18.7), a...

flannel 命令注入漏洞

Flannel is an open-source Kubernetes cluster networking solution developed by flannel-io. Versions of Flannel prior to 0.28.2 contained a command injection vulnerability. This vulnerability originated from the experimental Extension backend. Attackers could exploit this vulnerability by setting u...

Important: nodejs20

Issue Overview: A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be...

PT-2026-28604

Name of the Vulnerable Software and Affected Versions Zebra versions prior to 4.3.0 Description A flaw exists in Zebra’s transaction processing logic that allows a remote, unauthenticated attacker to cause a Zebra node to crash. This is triggered by sending a specially crafted V5 transaction that...

PT-2026-28434

Name of the Vulnerable Software and Affected Versions Flannel versions prior to 0.28.2 Description Flannel, a network fabric for containers designed for Kubernetes, contains a command injection issue in its experimental Extension backend. An attacker who can set Kubernetes Node annotations can...

Linux Distros Unpatched Vulnerability : CVE-2026-33532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior...

CVE-2026-0748

A flaw was found in the Drupal 7 Internationalization i18n module, specifically within its i18nnode submodule. A user possessing both "Translate content" and "Administer content translations" permissions can exploit this vulnerability. By utilizing the translation user interface UI and its...

CVE-2026-33713

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vulnerability in the Data Table Get node. On default SQLite DB, single statements can be manipulate...

CVE-2026-33696

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollution vulnerability in the XML and the GSuiteAdmin nodes. By supplying a crafted parameters as part...

CVE-2026-33660

n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Combine by SQL" mode to read local files on the n8n host and achieve remote code execution. The AlaSQ...

CVE-2026-0748

In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...

Improper Certificate Validation

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCertificateChain function. An attacker can gain...

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1135 more potentially affected by CVE-2026-33896 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33896 Source advisory: SNYK:JS-NODEFORGE-15789771...

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33896 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33896 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789772...

Improper Certificate Validation

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCertificateChain function. An attacker can gain unauthorized certificate authority capabilities by presenting a certificate chain where ...

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1135 more potentially affected by CVE-2026-33895 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33895 Source advisory: SNYK:JS-NODEFORGE-15789767...