🚨 CVE-2026-45257
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data.
An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system.
🎖@cveNotify
The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data.
An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system.
🎖@cveNotify
🚨 CVE-2026-4339
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635
🎖@cveNotify
Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635
🎖@cveNotify
Mattermost.com
Security Updates
Find information about Mattermost security updates, sign up for our Security Bulletin, read our Responsible Disclosure Policy, and more.
🚨 CVE-2026-52701
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress User Registration Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54824
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
🎖@cveNotify
Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Ads by WPQuads Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54826
Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.
🎖@cveNotify
Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.
🎖@cveNotify
Patchstack
Insecure Direct Object References (IDOR) in WordPress SupportCandy Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54832
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Gutenverse Companion Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54834
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
🎖@cveNotify
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Object Cache 4 everyone Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54835
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Five Star Restaurant Menu Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54837
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Intranet & Private Site – All-In-One Intranet <= 1.8.1 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Intranet & Private Site – All-In-One Intranet Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54839
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.
🎖@cveNotify
Unauthenticated Sensitive Data Exposure in Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups <= 2.0.9 versions.
🎖@cveNotify
Patchstack
Sensitive Data Exposure in WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54846
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Syncee Premium Dropshipping & Wholesale <= 1.0.27 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Syncee Premium Dropshipping & Wholesale Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-54847
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Stylish Cost Calculator Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56010
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
🎖@cveNotify
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
🎖@cveNotify
Patchstack
Privilege Escalation in WordPress Abandoned Cart Pro for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56011
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
🎖@cveNotify
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress MapPress Maps for WordPress Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2026-56025
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
🎖@cveNotify
Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.
🎖@cveNotify
Patchstack
Broken Access Control in WordPress Paymob for WooCommerce Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.