π¨ CVE-2026-46588
Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.
Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.
π@cveNotify
Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.
Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.
π@cveNotify
Apache Camel
Apache Camel Security Advisory - CVE-2026-46588
The camel-couchdb component reads several Exchange headers to control its behaviour - CouchDbDatabase (the database name), CouchDbSeq (the changeset sequence number), CouchDbId (the document id), CouchDbRev (the document revision) and CouchDbMethod (the operationβ¦
π¨ CVE-2026-49042
Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0.
Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.
π@cveNotify
Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0.
Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.
π@cveNotify
Apache Camel
Apache Camel Security Advisory - CVE-2026-49042
Improper Input Validation vulnerability in Apache Camel. The camel-langchain4j-tools, camel-langchain4j-agent and camel-spring-ai-tools producers set all JSON field names returned by the LLM in a tool-call response as Exchange message headers without filteringβ¦
π¨ CVE-2026-49297
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author β partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
π@cveNotify
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author β partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
π@cveNotify
GitHub
Validate destination paths derived from GCS object names by potiuk Β· Pull Request #67667 Β· apache/airflow
Two operators in the Google provider compute filesystem destination paths from GCS object names returned by list*() / list_by_timespan(), without normalizing the join result. Because GCS object nam...
π¨ CVE-2026-4249
The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.
Successful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations.
π@cveNotify
The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service condition.
Successful exploitation of this vulnerability can disrupt the API Gateway, preventing legitimate API traffic from being processed and impacting complete service availability. The denial of service is persistent, requiring manual intervention to restore normal operations.
π@cveNotify
Wso2
Security Advisory WSO2-2026-5236/CVE-2026-4249
Documentation for WSO2 Security and Compliance
π¨ CVE-2026-56810
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response.
This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2.
When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition.
This issue affects mint: from 0.5.0 before 1.9.1.
π@cveNotify
Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint mint (Mint.HTTP1 module) allows a denial of service via an oversized chunked transfer-encoded response.
This vulnerability is associated with program files lib/mint/http1.ex and program routines 'Elixir.Mint.HTTP1':decode_body/5, 'Elixir.Mint.HTTP1':add_body_to_buffer/2.
When Mint decodes a chunked HTTP response body, it accumulates each partial fragment of the current chunk in the connection's data_buffer (an unbounded iolist) via add_body_to_buffer/2 and does not emit the data to the caller until the full declared chunk length has been received. The chunk size is taken directly from the server and parsed with no upper bound, so a malicious or compromised server can announce one enormous chunk (for example a size line of 7FFFFFFF, about 2 GiB) and then send the body bytes slowly without ever completing the chunk. The client buffers every received byte while it waits for a completion that never arrives, and because no data responses are produced until the chunk finishes, a caller that otherwise streams large content-length bodies safely gains no protection. An unauthenticated remote server (reachable whenever a client follows redirects, fetches user-supplied URLs, or processes webhooks) can drive the client's memory arbitrarily high and trigger an out-of-memory condition.
This issue affects mint: from 0.5.0 before 1.9.1.
π@cveNotify
Erlang Ecosystem Foundation CNA
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
This project handles the CVE Numbering Authority (CNA) for the Erlang Ecosystem Foundation (EEF).
π¨ CVE-2026-58226
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding.
hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types':decode_remaining_integer/3 accumulates the integer as int + (value <<< m), shifting by 7 more bits for each continuation octet and stopping only on a terminating octet or truncated input, never because the integer grew too large. Because BEAM integers are arbitrary precision, a run of N continuation octets builds an O(N)-bit bignum and re-adds into an ever-larger bignum on each step, so the total decoding cost is superlinear (about O(N^2)). An unauthenticated attacker who can send an HTTP/2 header block to a server using this decoder (reached through the 'Elixir.HPAX':decode/2 entry point) can supply a small header block that forces a large, attacker-controlled amount of CPU (and transient memory), a denial-of-service amplification.
This issue affects hpax from 0.1.1 before 1.0.4.
π@cveNotify
Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding.
hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets. 'Elixir.HPAX.Types':decode_remaining_integer/3 accumulates the integer as int + (value <<< m), shifting by 7 more bits for each continuation octet and stopping only on a terminating octet or truncated input, never because the integer grew too large. Because BEAM integers are arbitrary precision, a run of N continuation octets builds an O(N)-bit bignum and re-adds into an ever-larger bignum on each step, so the total decoding cost is superlinear (about O(N^2)). An unauthenticated attacker who can send an HTTP/2 header block to a server using this decoder (reached through the 'Elixir.HPAX':decode/2 entry point) can supply a small header block that forces a large, attacker-controlled amount of CPU (and transient memory), a denial-of-service amplification.
This issue affects hpax from 0.1.1 before 1.0.4.
π@cveNotify
Erlang Ecosystem Foundation CNA
Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax
This project handles the CVE Numbering Authority (CNA) for the Erlang Ecosystem Foundation (EEF).
π¨ CVE-2026-6901
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL.
This issue affects APROL: before R 4.4-01P5.
π@cveNotify
Untrusted Search Path vulnerability in B&R Industrial Automation GmbH APROL.
This issue affects APROL: before R 4.4-01P5.
π@cveNotify
π¨ CVE-2026-57974
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57975
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57981
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57983
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
π@cveNotify
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
π@cveNotify
π¨ CVE-2026-57984
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57985
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57986
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57988
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-57991
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
π@cveNotify
Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
π@cveNotify
π¨ CVE-2026-57992
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-58276
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-58284
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-58285
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-58288
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
π@cveNotify