Authentication Bypass

Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...

Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

Synapse CPU starvation (Denial of Service)

Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...

GHSA-8Q93-326V-3M7G Synapse CPU starvation (Denial of Service)

Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

CVE-2026-44503

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

CVE-2026-44503 Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

The RedirectHandler middleware in microsoft/kiota-java com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0 and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed; Cookie,...

CVE-2026-44503

CVE-2026-44503 affects the RedirectHandler in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0, and similar Kiota libraries). The root cause is that when following 3xx redirects to a different host or scheme, only the Authorization header is removed; Cookie, Proxy-Auth...

Fleet: IP spoofing allows bypassing API rate limiting

Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...

GHSA-J8H8-75H3-JG53 Fleet has a rate limiting bypass via untrusted client IP headers

Impact Fleet trusted client-supplied IP address headers when determining the source IP for incoming requests. This allowed authenticated and unauthenticated clients to spoof their apparent IP address and bypass per-IP rate limiting controls. Fleet determines a client’s public IP address using HTT...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.17.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6194: Backport to odf-4.17.24 ocs-operator should not use image gcr.io/kubebuilder/kube-rbac-proxy...

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.20 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-6235: 4.18 ROSA HCPUI blocker Broken Storage System wizard DFBUGS-6185: ocs-operator should not use image...

curl: CURLOPT_PROXY_CAINFO_BLOB silently activates native CA store on Apple builds

Hi all, CURLOPTPROXYCAINFOBLOB introduced 7.77.0 never sets proxyssl.customcablob. On USEAPPLESECTRUST / CURLCANATIVE builds this causes curl to silently fall back to the system keychain for proxy TLS verification, nullifying the caller's blob-only trust policy. --- Root cause lib/setopt.c handle...

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential...

cross-proxy Digest auth state leak

...

PT-2026-41142

Name of the Vulnerable Software and Affected Versions portainer-ce versions 2.33.0 through 2.33.7 portainer-ce-agent versions 2.33.0 through 2.33.7 Description An authorization bypass exists in the middleware layer kubeClientMiddleware within the api/http/handler/kubernetes/handler.go file. The...

Crabbox 代码注入漏洞

Crabbox is an open-source remote code execution and test environment management tool developed by OpenClaw. Versions of Crabbox prior to 0.12.0 contained a code injection vulnerability. This vulnerability stemmed from a lax list of allowed environment variables, allowing attackers who access...

PT-2026-41159

Name of the Vulnerable Software and Affected Versions Synapse versions prior to 1.152.1 Description Local authenticated users can cause the system to starve other requests of CPU resources, leading to request failures and a denial of service for other users. Homeservers that trust all their local...

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...