Open Source Security mailing list

CVE-2026-33412: Vim: Command injection via newline in glob() affects Vim < 9.2.0202 openwall.com/lists/oss-secu… poses a significant risk if a Vimscript plugin passes untrusted user input into the glob() function

CVE-2026-4342: Kubernetes: ingress-nginx comment-based nginx configuration injection openwall.com/lists/oss-secu… can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller

libuv: Off-by-one heap buffer overflow openwall.com/lists/oss-secu… When a user types or pastes CJK characters into a Windows console application backed by libuv, a 1-byte out-of-bounds NUL write occurs if the read buffer size is divisible by 3

OSSA-2026-004: OpenStack Glance: Server-Side Request Forgery (SSRF) in image import functionality openwall.com/lists/oss-secu…

Perl CPAN XML::Parser through 2.47 CVE-2006-10002: Could overflow the pre-allocated buffer, cause heap corruption and crashes openwall.com/lists/oss-secu… CVE-2006-10003: Off-by-one heap buffer overflow in st_serial_stack openwall.com/lists/oss-secu…

CVE-2026-31972: samtools <= 1.21 Use-after-free in mpileup leading to an invalid read openwall.com/lists/oss-secu… CVE-2026-31973: samtools <= 1.23 NULL pointer dereference in cram-size openwall.com/lists/oss-secu… SAMtools is a program for manipulating bioinformatics file formats

CVE-2026-31970: HTSlib <= 1.23 heap buffer overflow in the BGZF index file reader openwall.com/lists/oss-secu… 9 CVEs in HTSlib <= 1.23 in the CRAM file reader openwall.com/lists/oss-secu… HTSlib is a library for reading and writing bioinformatics file formats. See also next tweet.

WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001 openwall.com/lists/oss-secu… 17 CVEs addressed, impact varies: memory corruption, information disclosure, unexpected process crash

Multiple vulnerabilities in Jenkins and Jenkins plugins openwall.com/lists/oss-secu… Fixes in: * Jenkins 2.555 * Jenkins LTS 2.541.3 * LoadNinja Plugin 2.2

SBA-ADV-20251205-01: LibreChat 0.8.1-rc2 RAG API Authentication Bypass openwall.com/lists/oss-secu… uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API

libexpat 2.7.5 fixes 3 CVEs (2x null deref, 1x infinite loop) openwall.com/lists/oss-secu… There are also 3 known unfixed security issues remaining in libexpat, and there is a GitHub issue listing them for anyone interested. openwall.com/lists/oss-secu…

CVE-2026-3888: snap-confine + systemd-tmpfiles = root openwall.com/lists/oss-secu… as discovered by @Qualys Case study: Ubuntu Desktop 24.04 - Analysis - Exploitation Case study: Ubuntu Desktop 25.10 - Overview - Exploitation A quick note on the uutils coreutils (the rust-coreutils)

Xen Security Advisory 480 v3 (CVE-2026-23554) - Use after free of paging structures in EPT openwall.com/lists/oss-secu… Xen Security Advisory 481 v2 (CVE-2026-23555) - Xenstored DoS by unprivileged domain openwall.com/lists/oss-secu…

Apache Airflow CVE-2026-26929: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata openwall.com/lists/oss-secu… CVE-2026-28563: DAG authorization bypass openwall.com/lists/oss-secu…

4 CVEs in Apache Airflow CVE-2026-30911: Execution API HITL Endpoints Missing Per-Task Authorization openwall.com/lists/oss-secu… CVE-2026-28779: Path of session token in cookie does not consider base_url - session hijacking openwall.com/lists/oss-secu… + next tweet

CVE-2026-3864: Kubernetes: CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server openwall.com/lists/oss-secu…

Perl CPAN CVE-2026-4177: YAML::Syck versions through 1.36 has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter openwall.com/lists/oss-secu…

CVE-2026-4224: CPython: Stack overflow parsing XML with deeply nested DTD content models openwall.com/lists/oss-secu… CVE-2026-3644: CPython: Incomplete control character validation in http.cookies openwall.com/lists/oss-secu…

10+ CVEs in GStreamer openwall.com/lists/oss-secu… a dependency of the tracker-extract package, which GNOME uses to automatically parse metadata in new files. Among other things, this service indexes all files in the user's home directory without any user interaction.

CVE-2026-2861: Foswi­ki: Information disclosure vulnerability in viewfile, oops, preview and changes endpoints openwall.com/lists/oss-secu… Several endpoints did not check view access rights. Fixed in 2.1.11.