EUVD-2026-37766

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass...

GHSA-PR7R-676H-XCF6 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

CVE-2026-9678

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

CVE-2026-9678

Undici (node) vulnerability CVE-2026-9678: in shared-cache mode, the cache interceptor may misclassify responses as cacheable when Cache-Control uses whitespace-padded private/no-cache directives (e.g., private=" authorization" or no-cache="\tauthorization"). The whitespace is preserved by the pa...

CVE-2026-9678 undici vulnerable to cross-user information disclosure via shared cache whitespace bypass

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified private or no-cache field names such as private=" authorization" or no-cache="\tauthorization". The parser preserves the surrounding...

PT-2026-50515

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The cache interceptor incorrectly classifies certain responses as cacheable when the upstream Cache-Control header contains whitespace-padded qualified private or...

CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, the /nuxtisland/ endpoint accepts attacker-controlled props query/body...

CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

NPM: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

NPM: Nuxt: nuxtisland endpoint does not bind responses to request props, enabling shared-cache poisoning vulnerability discovered by ? in WordPress Npm nuxt versions = 3.1.0, = 3.21.5...

HTTP Request Smuggling

Overview @nuxt/nitro-server is a Nitro server integration for Nuxt Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive...

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the nuxtisland endpoint when responses are not properly bound to request props, allowing shared-cache poisoning. An attacker can cause users to receive attacker-controlled HTML by priming a shared cache with...

Interpretation Conflict

Overview next is a react framework. Affected versions of this package are vulnerable to Interpretation Conflict via improper handling of shared cache entries for React Server Component responses. An attacker can cause unintended component payloads to be served to other users by manipulating share...

Next.js vulnerable to cache poisoning in React Server Component responses

Impact Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under affected conditions, an attacker can cause an RSC response to be served from the original URL and poison shared cache entries so later...

CVE-2026-41362 OpenClaw 2026.2.19 through 2026.3.30 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication

OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress...

GHSA-V638-38FC-RHFV AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache

Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache

Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...

OESA-2026-1306 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Fix sharedcpumap to handle shared caches at different levels The cacheinfo sets up the sharedcpumap by checking whether the caches with the same index...

CLSA-2026-1767864313 kernel: Fix of 46 CVEs

mm: hugetlb: fix UAF in hugetlbhandleuserfault CVE-2022-50630 - drm/amdkfd: fix potential kgdmem UAFs CVE-2023-53816 - net/mlx5e: Fix deadlock in tc route query code CVE-2023-53591 - PCI: Fix pcideviceispresent for VFs by checking PF CVE-2022-50636 - wifi: ath11k: fix monitor mode bringup crash...