CVE-2026-45281

A flaw was found in Nextcloud Server. An authenticated user, with knowledge of another user's principal URL, could exploit improper authorization controls to gain full access to that user's calendar. This allows the attacker to view and modify the victim's calendar, leading to unauthorized...

CVE-2026-45281 Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, with the knowledge of other users’ principal URL an attacker could possibly send a request to gain full access to their calendar. Therefore, the...

GHSA-HPV4-5H6F-WQR3 russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

Security Bulletin: Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries

Summary Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault...

CLSA-2026-1778881463 ipa: Fix of 3 CVEs

CVE-2023-5455: fix CSRF vulnerability by adding Referer header check to all session endpoints - CVE-2024-1481: validate Kerberos principal name before kinit and pass it with -- separator to prevent option injection - CVE-2024-11029: scrub administrative passwords from process command line and...

Exchange Backup Jobs Run Longer Than Expected or Fail with: Contract schema check for the Exchange Online REST API failed

Challenge Exchange backup jobs in Veeam Backup for Microsoft 365 or Veeam Data Cloud for Microsoft 365 run far longer than expected or fail to complete. The job log contains the following warnings and errors: Warning: Failed to retrieve Exchange Online REST API cmdlet information Warning: HTTP...

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017353)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017353 advisory. The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of...

Astra Linux - уязвимость в firefox

The documents incorrectly assumed a certain order of principal objects when determining whether we were loading an appropriately privileged principal. In certain circumstances, it might have been possible for a document to be loaded with a more privileged principal than intended. This vulnerabili...

Astra Linux - уязвимость в firefox, thunderbird

If a Blob URL is loaded through some unusual user interaction, it may have been loaded by the system principal, granting additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Astra Linux - уязвимость в freeipa

A vulnerability was discovered in FreeIPA when a Kerberos TGS-REQ is encrypted using the client’s session key. This key varies for each new session, which helps protect it from brute-force attacks. However, the ticket contained within the encrypted message is encrypted using the target principal...

Astra Linux - уязвимость в samba

Samba AD DC includes checks when adding service principal names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks can be bypassed if an account modification re-adds an SPN that was previously present on that account, such as an SPN added...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSH vulnerabilities (USN-8222-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8222-1 advisory. Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol -O option. Thi...

Certificate Impersonation

spring-security-web is vulnerable to certificate impersonation. The vulnerability is due to improper parsing of malformed X.509 certificate CN values in SubjectX500PrincipalExtractor, which can result in extracting an incorrect username and allow attackers to impersonate another user...

USN-8222-1: OpenSSH vulnerabilities

Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol -O option. This could result in certain files being installed setuid or setgid, contrary to expectations. CVE-2026-35385 Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell...

USN-8222-1 openssh vulnerabilities

Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol -O option. This could result in certain files being installed setuid or setgid, contrary to expectations. CVE-2026-35385 Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell...

CLSA-2026-1777393442 openssh: Fix of CVE-2026-35414

CVE-2026-35414: fix incorrect matching of principals in the authorizedkeys principals="..." option when a certificate principal contains a comma character...

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

An administrative role meant for artificial intelligence AI agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agen...

Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...