CLEANSTART-2026-RQ86436 Security fixes for CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-32280, CVE-2026-32281, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-f6x5-jh6r-wrfv, ghsa-hfvc-g4fc-pqhx, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 8.4.0-r0, 8.5.0-r0, 8.5.0-r1, 8.5.0-r2, 8.5.0-r3

Multiple security vulnerabilities affect the kubernetes-csi-external-snapshotter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-123 (ALASDOCKER-2026-123)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-123 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-118 (ALASDOCKER-2026-118)

The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-118 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, dagger, datadog-agent, kaniko, kots, chartmuseum, kubevela, tigera-operator, trivy-operator, wolfictl, tw, osv-scanner, neuvector-scanner, containerd, ctop, opa, teleport, docker, manifest-tool, zot, helm-operator, helm-set-status, xeol, rancher-helm,...

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: tigera-operator-fips, kubescape-server-fips, trivy-operator, chartmuseum-fips, docker-cli-buildx-fips, gatekeeper, gitlab-rails-ce, chainctl, spegel-fips, opa-envoy, opa-fips-envoy, chaos-mesh-fips, scorecard, kube-mgmt, chaos-mesh, tigera-operator, docker-compose,...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-107 (ALASDOCKER-2026-107)

"The version of soci-snapshotter installed on the remote host is prior to 0.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-107 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs...

Amazon Linux 2023 : soci-snapshotter (ALAS2023-2026-1573)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1573 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir o...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: telegraf, apisix-ingress-controller, kine, atlantis, kots, dgraph, crossplane-provider-sql, kaf, wal-g, kube-state-metrics, promxy, cluster-autoscaler, kafka-proxy, k8sgpt-operator, memcached-exporter, migrate, cosign, fscrypt, terraform-docs, smarter-device-manager,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: azure-container-networking, trivy-operator, chartmuseum-fips, crossplane-provider-aws-ecr, flux-source-controller, kubernetes-secret-generator, crossplane-provider-aws-sqs-fips, golangci-lint, crossplane-provider-aws-backup, grpc-health-probe-fips, metrics-agent-fips...

CLEANSTART-2026-LC01167 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 8.4.0-r0, 8.4.0-r1, 8.4.0-r2

Multiple security vulnerabilities affect the kubernetes-csi-external-snapshotter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-WM95952 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 8.4.0-r0, 8.5.0-r0, 8.5.0-r1

Multiple security vulnerabilities affect the kubernetes-csi-external-snapshotter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

OESA-2026-1599 kata-containers-go security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...

GHSA-J3GX-2473-5FP8 vulnerabilities

Vulnerabilities for packages: kubecolor, supercronic, kaniko, kaf, wal-g, prometheus-alertmanager, memcached-exporter, ctop, speedtest-go, fscrypt, cluster-api, s5cmd, crossplane-provider-aws-memorydb, kubernetes-replicator, azure-workload-identity-webhook, crossplane-provider-aws-cloudfront, ste...

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: telegraf, apisix-ingress-controller, cloudflared, atlantis, azurefile-csi, kots, kaf, wal-g, kube-state-metrics, prometheus-alertmanager, promxy, cluster-autoscaler, kafka-proxy, memcached-exporter, migrate, terraform-provider-grafana, azuredisk-csi, fscrypt,...

CVE-2026-27139 vulnerabilities

Vulnerabilities for packages: supercronic, kaniko, kaf, wal-g, prometheus-alertmanager, memcached-exporter, ctop, speedtest-go, fscrypt, cluster-api, s5cmd, crossplane-provider-aws-memorydb, kubernetes-replicator, azure-workload-identity-webhook, crossplane-provider-aws-cloudfront, step, trillian...

CVE-2026-27142 vulnerabilities

Vulnerabilities for packages: telegraf, apisix-ingress-controller, cloudflared, atlantis, azurefile-csi, kots, kaf, wal-g, kube-state-metrics, prometheus-alertmanager, promxy, cluster-autoscaler, kafka-proxy, memcached-exporter, migrate, terraform-provider-grafana, azuredisk-csi, fscrypt,...

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: kubecolor, supercronic, kaniko, kaf, wal-g, prometheus-alertmanager, memcached-exporter, ctop, speedtest-go, fscrypt, cluster-api, s5cmd, crossplane-provider-aws-memorydb, kubernetes-replicator, azure-workload-identity-webhook, crossplane-provider-aws-cloudfront, ste...

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: azure-container-networking, chartmuseum-fips, crossplane-provider-aws-ecr, flux-source-controller, skopeo, crossplane-provider-aws-sqs-fips, grpc-health-probe-fips, ceph-csi-operator-fips, crossplane-provider-gcp, knative-operator-fips, seaweedfs-operator-fips,...

Amazon Linux 2 : soci-snapshotter, --advisory ALAS2DOCKER-2026-100 (ALASDOCKER-2026-100)

The version of soci-snapshotter installed on the remote host is prior to 0.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-100 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...

OESA-2026-1436 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a contain...