14419 matches found
GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation
Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...
EUVD-2026-11304
Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impersonation...
Unity Linux 20.1060e / 20.1070e Security Update: haproxy (UTSA-2026-017431)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017431 advisory. An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypa...
Unity Linux 20.1060e / 20.1070e Security Update: xterm (UTSA-2026-017637)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017637 advisory. xterm before Patch 366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017765)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017765 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017706)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017706 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017471 advisory. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. Tenable has extracted the preceding...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-actionpack (UTSA-2026-017586)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017586 advisory. A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_url helper with untrusted...
Unity Linux 20.1060e / 20.1070e Security Update: audiofile (UTSA-2026-017497)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017497 advisory. Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file...
Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017509)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017509 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory...
Unity Linux 20.1060e / 20.1070e Security Update: jackson-databind (UTSA-2026-017619)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017619 advisory. FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to...
Unity Linux 20.1070e Security Update: ImageMagick (UTSA-2026-017464)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017464 advisory. ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and...
Unity Linux 20.1070e Security Update: mysql (UTSA-2026-017439)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017439 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable...
Unity Linux 20.1060e / 20.1070e Security Update: fetchmail (UTSA-2026-017438)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017438 advisory. Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Tenable has extracted...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pygments (UTSA-2026-017493)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017493 advisory. In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponentia...
Unity Linux 20.1070e Security Update: netty (UTSA-2026-017789)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017789 advisory. HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-paramiko (UTSA-2026-017484)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017484 advisory. Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attac...
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017532)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017532 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into...
Unity Linux 20.1060e / 20.1070e Security Update: binutils (UTSA-2026-017633)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017633 advisory. Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a sid...