CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

CVE-2026-53033

CVE-2026-53033 affects the Linux kernel’s BPF sockmap path, causing a race in unix_stream_bpf_update_proto() that can yield a Use-After-Free when a BPF iterator updates a sockmap during a TCP state transition. The issue is resolved by taking the state lock for AF_UNIX iterations to keep the unix ...

CVE-2026-53033 bpf, sockmap: Take state lock for af_unix iter

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...

CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.

In the Linux kernel, the following vulnerability has been resolved: afunix: Drop all SCM attributes for SOCKMAP. SOCKMAP can hide inflight fd from AFUNIX GC. When a socket in SOCKMAP receives skb with inflight fd, skpsockverdictdataready looks up the mapped socket and enqueue skb to its...

EUVD-2026-38436

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server nuxt dev on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restrictions, allowing local users to enumerate and connect. Unprivileged co-resident users can exploit t...

UBUNTU-CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions via the module and resolve request types in the internal IPC server. An attacker can access sensitive files and secrets by connecting to the world-accessible abstract-namespace Unix socket and issuing craft...

CVE-2026-45536

CVE-2026-45536 affects Netty, specifically Unix-domain socket fd reception in netty_unix_socket_recvFd. Prior to versions 4.1.135.Final and 4.2.15.Final, a peer-sent SCM_RIGHTS message containing two fds can cause both descriptors to leak due to a mismatch between cmsg_len checks and the actual f...

CVE-2026-45536 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

CVE-2026-45536 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has...

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has cmsglen = CMSGLEN8 = 24, which fits exactly with no MSGCTRUNC, so the kernel installs both fds in the receiving process. The subsequent che...

GHSA-W573-9FFJ-6FF9 Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

nettyunixsocketrecvFd sets msgcontrol to char controlCMSGSPACEsizeofint line 940 — 24 bytes on 64-bit Linux. A peer-sent SCMRIGHTS cmsg carrying two ints has cmsglen = CMSGLEN8 = 24, which fits exactly with no MSGCTRUNC, so the kernel installs both fds in the receiving process. The subsequent che...

JLSEC-2026-606

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-44477

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CVE-2026-44477 CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

CloudNativePG 代码问题漏洞

CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...

CVE-2026-41054

A flaw was found in haveged. The sockethandler function, responsible for handling connections to the abstract UNIX socket, incorrectly proceeds with execution even after detecting that a connecting user is not root. This oversight allows a local unprivileged user to bypass security checks and...