π¨ CVE-2026-43500
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE
handler in rxrpc_verify_response() copy the skb to a linear one before
calling into the security ops only when skb_cloned() is true. An skb
that is not cloned but still carries externally-owned paged fragments
(e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via
__ip_append_data, or a chained skb_has_frag_list()) falls through to
the in-place decryption path, which binds the frag pages directly into
the AEAD/skcipher SGL via skb_to_sgvec().
Extend the gate to also unshare when skb_has_frag_list() or
skb_has_shared_frag() is true. This catches the splice-loopback vector
and other externally-shared frag sources while preserving the
zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC
page_pool RX, GRO). The OOM/trace handling already in place is reused.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE
handler in rxrpc_verify_response() copy the skb to a linear one before
calling into the security ops only when skb_cloned() is true. An skb
that is not cloned but still carries externally-owned paged fragments
(e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via
__ip_append_data, or a chained skb_has_frag_list()) falls through to
the in-place decryption path, which binds the frag pages directly into
the AEAD/skcipher SGL via skb_to_sgvec().
Extend the gate to also unshare when skb_has_frag_list() or
skb_has_shared_frag() is true. This catches the splice-loopback vector
and other externally-shared frag sources while preserving the
zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC
page_pool RX, GRO). The OOM/trace handling already in place is reused.
π@cveNotify
π¨ CVE-2026-4802
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
π@cveNotify
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
π@cveNotify
π¨ CVE-2026-4890
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
π@cveNotify
A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
π@cveNotify
GitHub
dnsmasq: 2.92 -> 2.92rel2 by LeSuisse Β· Pull Request #519082 Β· NixOS/nixpkgs
Fixes CVE-2026-2291
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
π¨ CVE-2026-4891
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
π@cveNotify
A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.
π@cveNotify
GitHub
dnsmasq: 2.92 -> 2.92rel2 by LeSuisse Β· Pull Request #519082 Β· NixOS/nixpkgs
Fixes CVE-2026-2291
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
π¨ CVE-2026-4892
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
π@cveNotify
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
π@cveNotify
GitHub
dnsmasq: 2.92 -> 2.92rel2 by LeSuisse Β· Pull Request #519082 Β· NixOS/nixpkgs
Fixes CVE-2026-2291
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
π¨ CVE-2026-5172
A buffer overflow in dnsmasqβs extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the recordβs end.
π@cveNotify
A buffer overflow in dnsmasqβs extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the recordβs end.
π@cveNotify
GitHub
dnsmasq: 2.92 -> 2.92rel2 by LeSuisse Β· Pull Request #519082 Β· NixOS/nixpkgs
Fixes CVE-2026-2291
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
Fixes CVE-2026-4890
Fixes CVE-2026-4891
Fixes CVE-2026-4892
Fixes CVE-2026-4893
Fixes CVE-2026-5172
https://kb.cert.org/vuls/id/471747
Changelog:
version 2.92rel2
2.92 p...
π¨ CVE-2026-28847
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28883
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28901
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28902
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28903
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28904
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28905
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28942
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28946
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
Apple Support
About the security content of macOS Tahoe 26.5 - Apple Support
This document describes the security content of macOS Tahoe 26.5.
π¨ CVE-2026-28947
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28953
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-28955
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-43658
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
Apple Support
About the security content of iOS 26.5 and iPadOS 26.5 - Apple Support
This document describes the security content of iOS 26.5 and iPadOS 26.5.
π¨ CVE-2026-27851
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No publicly available exploits are known.
π@cveNotify
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No publicly available exploits are known.
π@cveNotify
π¨ CVE-2026-42006
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass the limit. Using excessive bracing, attacker can cause memory usage up to configured memory limit. Install fixed version, or configure vsz_limit for imap process to low value. No publicly available exploits are known.
π@cveNotify
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass the limit. Using excessive bracing, attacker can cause memory usage up to configured memory limit. Install fixed version, or configure vsz_limit for imap process to low value. No publicly available exploits are known.
π@cveNotify