CVE-2026-39828

CVE-2026-39828 affects the SSH handling in golang.org/x/crypto/ssh. When an SSH server authentication callback returns PartialSuccessError with non-nil Permissions, the permissions are discarded, potentially bypassing certificate restrictions (e.g., force-command) after 2FA. Returning non-nil Per...

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

GO-2026-5014 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where non-empty permissions are silently discarded when an Authentication callback returns...

PT-2026-42707

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an SSH server authentication callback returning PartialSuccessError with non-nil Permissions caused those permissions to be silently...

CVE-2026-44432

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

Security update for java-1_8_0-openj9

This update for java-180-openj9 fixes the following issues CVE-2026-1188: eclipse: ensure room for separator in omrsysinfogetprocessorfeaturestring bsc1265261. CVE-2026-22007: APIs in the specified component can lead to an unauthorized read access bsc1262490. CVE-2026-22013: unauthenticated...

PT-2026-42695

Name of the Vulnerable Software and Affected Versions Plonky3 versions prior to 0.4.3 Plonky3 versions prior to 0.5.3 Description An attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This...

PT-2026-42645

Impact - Key: challenger/src/multi field challenger.rs | MultiField32Challenger::duplexing | transcript malleability - Affected files: challenger/src/multi field challenger.rs, field/src/helpers.rs - Violated invariant: The Fiat-Shamir sponge must bind challenges to the exact sequence of observed...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Staging: r8712: Fixed a memory leak in r8712initxmitpriv. In the aforementioned routine, memory is allocated in several places. If the first attempt succeeds but a later attempt fails, the routine will cause a memory leak. This...

Astra Linux - уязвимость в openjdk-11

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: ImageIO. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable vulnerabili...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Serialization. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: freechooseargmap has been made resistant to partial allocations that may lead to NULL pointer dereferencing. freechooseargmap may dereference a NULL pointer if its caller fails after a partial allocation. For example, in...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the issue where idisksize can exceed isize in partially written cases. It is possible for idisksize to exceed isize, triggering a warning. The code includes the following steps: - genericperformwrite: Copied =...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Handling of eagerly init vgic dist/redist during vgic creation If vgicallocateprivateirqslocked fails for any reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialized. Then, kvmvgicdistdestroy is...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Libraries. The supported versions affected include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily exploitable...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: For GRE packets, tunnelcsumstart is used instead of the transport header. For GRE packets with TUNNELCSUM, local checksum offloading is applied to CHECKSUMPARTIAL packets. The ipGRExmit function must validate csumstart after an...

Astra Linux - уязвимость в thrift

In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...