Moderate: Red Hat Security Advisory: oci-seccomp-bpf-hook security update

An update for oci-seccomp-bpf-hook is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013710)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013710 advisory. In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copyseccomp to no failure path. Our syzbot instance reported memory leaks in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010782 advisory. In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copyseccomp to no failure path. Our syzbot instance reported memory leaks in...

CVE-2026-32128

FastGPT’s Python Sandbox (fastgpt-sandbox) in versions 4.14.7 and earlier contains guardrails intended to block file writes (static detection + seccomp). The vulnerability arises because stdout (fd 1) can be remapped to an arbitrary writable file descriptor via fcntl. After remapping, writes thro...

NewStart CGSL MAIN 6.06 (SP) : docker-ce Multiple Vulnerabilities (NS-SA-2026-0011)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has docker-ce packages installed that are affected by multiple vulnerabilities: - runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host...

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...

OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. Affected Packages / Versions - Package: openclaw npm - Affected versions: =...

GHSA-W235-X559-36MG OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. Affected Packages / Versions - Package: openclaw npm - Affected versions: =...

PT-2026-20964

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, potentially enabling container...

Azure Linux 3.0 Security Update: kernel (CVE-2025-37948)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37948 advisory. - In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the...

MiracleLinux 9 : oci-seccomp-bpf-hook-1.2.10-2.el9 (AXSA:2024-9099:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9099:02 advisory. golang: net: malformed DNS message can cause infinite loop CVE-2024-24788 Tenable has extracted the preceding description block directly from the MiracleLinu...

container-tools:rhel8 security update

aardvark-dns 2:1.10.1-2 - build off the RHEL maintenance branch - Resolves: RHEL-59129 buildah 2:1.33.14-1 - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 https://github.com/containers/buildah/commit/a7f8179 - fixes 'CVE-2025-47913...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001665 advisory. In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead t...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004429)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004429 advisory. In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead t...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001016)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001016 advisory. arch/mips/include/asm/threadinfo.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure TIFSECCOMP checks on the fast system-call path, which...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003892)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003892 advisory. In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead t...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002010)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002010 advisory. arch/mips/include/asm/threadinfo.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure TIFSECCOMP checks on the fast system-call path, which...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001883)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001883 advisory. arch/mips/include/asm/threadinfo.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure TIFSECCOMP checks on the fast system-call path, which...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001711)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001711 advisory. The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACESEIZE code path allows attackers to bypass intended restrictions on setting the...