CLEANSTART-2026-AH59738 Security fixes for CVE-2026-35469, ghsa-hr2v-4r36-88hr, ghsa-pc3f-x583-g7j2 applied in versions: 26.4.2

Multiple security vulnerabilities affect the linkerd2 package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-HI64288 Security fixes for CVE-2026-35469, ghsa-hr2v-4r36-88hr, ghsa-pc3f-x583-g7j2 applied in versions: 26.4.2

Multiple security vulnerabilities affect the linkerd2 package. These issues are resolved in later releases. See references for individual vulnerability details...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization n the ServerSecurityUser.getDatabaseUser and ArcadeDBServer.createDatabase processes. An attacker can gain unauthorized access to read, write, and modify schema and data across databases by exploiting improper...

ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases

Impact Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...

GHSA-FXC7-FM93-6Q77 ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases

Impact Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: 1 ServerSecurityUser.getDatabaseUser returned a DB user with an uninitialized fileAccessMap, which...