CVE-2026-56695 OpenHarness - Cross-Session Disclosure via /resume and /summary Commands

OpenHarness ohmo gateway /resume and /summary slash commands default remoteinvocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and...

Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix for suspend/resume behavior. Disabling the cache in commit 2ff4ba9e3702 “clk: rs9: Fix for I2C accessors” without removing cache synchronization in the resume path results in a kernel panic, as map-cacheops is unset...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: m68k: Fixed the spinlock race in kernel thread creation. Context switching ensures that the correct lock owner is retained during the switch from the “prev” task to the “next” task. This relies on interrupts remaining disabled...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fixed a UAF in runtimersoftirq When dmresume and dmdestroy are executed concurrently, it will lead to a UAF, as follows: Bug: KASAN: Use-after-free in runtimers+0x173/0x710 A 8-byte value is written to the address...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fixed memory corruption caused by an incorrect array size. The functions th1520mboxsuspendnoirq and th1520mboxresumenoirq are intended to save and restore the interrupt mask registers in the MBOX ICU0. However, t...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: Ethernet: cpsw – Fixed a panic that occurs when the coalece interrupt is set using ethtool. The cpswethtoolbegin function directly returns the result of pmruntimegetsync when it is successful. pmruntimegetsync returns...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend operations; the system may hang during resume. During the...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron The pmruntimegetsync function will increment the PM usage counter even if it fails. Forgetting to replace this function with the newer pmruntimeresumeandget function...

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: stmmac: Clearing the variable when destroying the workqueue Currently, when suspending the driver and stopping the workqueue, it is checked whether workqueue is not NULL. If it is NULL, the workqueue is destroyed. The function...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - dm clone: Fixed a UAF Use-after-Free in clonedtr. - Dmclone also has the same UAF issue when dmresume and dmdestroy are executed concurrently. Therefore, the timer is canceled again in clonedtr...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a potential memory leak in DMUB hwinit Why When resuming, we perform DMUB hwinit, which allocates memory using dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc. This can lead to a memory leak in suspend/resume...

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

CVE-2026-56131

CVE-2026-56131 affects libexpat prior to 2.8.2, where handler call depth tracking is missing for XML_ResumeParser calls made from within handlers during a policy violation. This leads to a use-after-free condition as described (similar to CVE-2026-50219). The Connected documents identify the affe...

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

EUVD-2026-37976

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

EUVD-2026-35862

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

UBUNTU-CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...