116 matches found
GO-2026-5450 KubeVirt's authorization mechanism improperly truncates subresource names in kubevirt.io/kubevirt
KubeVirt's authorization mechanism improperly truncates subresource names in kubevirt.io/kubevirt...
Astra Linux – Vulnerability in Firefox
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2026-11038
An insufficient validation of untrusted input flaw was found in the Subresource Integrity component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498080391...
SUSE CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
Chromium: CVE-2026-11038 Insufficient validation of untrusted input in Subresource Integrity
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34487
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-11038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via...
CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
DEBIAN-CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
CVE-2026-11038
CVE-2026-11038 affects Google Chrome’s Subresource Integrity policy enforcement. The vulnerability allows a remote attacker to bypass content security policy via malicious network traffic in Chrome versions prior to 149.0.7827.53. Affected component is Subresource Integrity enforcement within Chr...
CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
PT-2026-46567
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: Insufficient policy enforcement in Subresource Integrity (a security feature that ensures resources fetched from third-party servers are not manipulated) allows a remote attacker to bypas...
CVE-2026-30963
Capsule (a Kubernetes multi-tenancy framework) relied on a webhook to validate namespace updates, but prior to v0.13.0 it did not intercept namespace/status or namespace/finalize subresource changes. This omission enables a tenant with permission to modify those subresources to hijack other names...
Capsule input validation error vulnerability
Capsule is an open-source Kubernetes framework developed by Project Capsule. Versions of Capsule prior to 0.13.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from rules for intercepting sub-resources named namespace/finalize and namespace/status that we...
Capsule Namespace Hijacking via subresource
Summary: To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper truncation of subresource names in the authorization process. An attacker can gain unauthorized access to subresources or perform unauthorized actions by exploiting incorrect permission evaluation...
EUVD-2026-23009
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources,...
GHSA-J6CV-3W8P-VRG8 KubeVirt's authorization mechanism improperly truncates subresource names
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources,...