[R2] Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities Aaron Roy
Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (.NET Windows Server Hosting, NodeJS, Erlang OTP, SQL Server, OpenSSL, Curl) were found to contain vulnerabilities, and updated versions have been made available by the providers.
Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Tenable Identity Exposure version 3.93.5 updates .NET Windows Server Hosting to version 8.0.28.26269, NodeJS to version 20.20.2.0, Erlang OTP to version 26.2.5.21, SQL Server to version 15.0.4470.1, OpenSSL to version 4.0.1, and Curl to version 8.19.0 to address the identified vulnerabilities.
Tenable Identity Exposure version v3.93.5 also resolves a vulnerability related to API endpoints returning information to unauthenticated GET requests (CVE-2026-13007).
| CVE ID | Base Score | Temporal Score | CVSSv3 Vector | CVSSv4 Base Score | CVSSv4 Vector | CWE |
|---|---|---|---|---|---|---|
| MEDIUMCVE-2025-11187 | 6.1 | 5.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C | — | — | CWE-121: Stack-based Buffer Overflow |
| MEDIUMCVE-2025-13034 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-345: Insufficient Verification of Data Authenticity |
| MEDIUMCVE-2025-14017 | 6.3 | 5.5 | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-416: Use After Free |
| MEDIUMCVE-2025-14524 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2025-14819 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2025-15079 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| LOWCVE-2025-15224 | 3.1 | 2.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| HIGHCVE-2025-15467 | 8.8 | 7.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-416: Use After Free |
| MEDIUMCVE-2025-15468 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2025-15469 | 5.5 | 4.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| CRITICALCVE-2025-55130 | 9.1 | 7.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-287: Improper Authentication |
| HIGHCVE-2025-55131 | 7.1 | 6.2 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C | — | — | CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’) |
| MEDIUMCVE-2025-55132 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | 4.8 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2025-55247 | 7.3 | 6.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-269: Improper Privilege Management |
| MEDIUMCVE-2025-55248 | 5.7 | 5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CRITICALCVE-2025-55315 | 9.9 | 8.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C | — | — | CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) |
| HIGHCVE-2025-59465 | 7.5 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2025-59466 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2025-66199 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2025-68160 | 4.7 | 4.1 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2025-69418 | 4 | 3.5 | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2025-69419 | 7.4 | 6.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-295: Improper Certificate Validation |
| HIGHCVE-2025-69420 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2025-69421 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-1965 | 6.5 | 5.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| MEDIUMCVE-2026-2673 | 6.5 | 5.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| MEDIUMCVE-2026-3783 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-3784 | 6.5 | 5.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2026-3805 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-4873 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-5545 | 6.5 | 5.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| HIGHCVE-2026-5773 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-6253 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-6276 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-6429 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-7009 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-7168 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2026-7383 | 8.1 | 7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-295: Improper Certificate Validation |
| HIGHCVE-2026-9076 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-13007 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-306: Missing Authentication for Critical Function; CWE-524: Use of Cache Containing Sensitive Information |
| HIGHCVE-2026-21218 | 7.5 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N | CWE-284: Improper Access Control |
| HIGHCVE-2026-21262 | 8.8 | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| HIGHCVE-2026-21637 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-21710 | 7.5 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-21713 | 5.9 | 5.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-21714 | 5.3 | 4.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| LOWCVE-2026-21715 | 3.3 | 2.9 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| LOWCVE-2026-21716 | 3.3 | 2.9 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| MEDIUMCVE-2026-21717 | 5.9 | 5.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-22795 | 5.5 | 4.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-22796 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-26130 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-26171 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-28386 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-125: Out-of-bounds Read |
| HIGHCVE-2026-28387 | 8.1 | 7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-295: Improper Certificate Validation |
| HIGHCVE-2026-28388 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-28389 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-28390 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| CRITICALCVE-2026-31789 | 9.8 | 8.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HIGHCVE-2026-31790 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2026-32167 | 7.8 | 6.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| MEDIUMCVE-2026-32175 | 4.3 | 3.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| HIGHCVE-2026-32176 | 7.8 | 6.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| HIGHCVE-2026-32177 | 7.3 | 6.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C | — | — | CWE-269: Improper Privilege Management |
| HIGHCVE-2026-32178 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2026-32203 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-33116 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-33120 | 8.8 | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-822: Untrusted Pointer Dereference |
| HIGHCVE-2026-34180 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-34181 | 7.4 | 6.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-295: Improper Certificate Validation |
| CRITICALCVE-2026-34182 | 9.1 | 7.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-287: Improper Authentication |
| HIGHCVE-2026-34183 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-35188 | 5 | 4.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| HIGHCVE-2026-35433 | 7.3 | 6.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C | — | — | CWE-269: Improper Privilege Management |
| HIGHCVE-2026-40370 | 8.8 | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-73: External Control of File Name or Path |
| HIGHCVE-2026-42764 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-42765 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-42766 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-42767 | 5.9 | 5.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| LOWCVE-2026-42768 | 3.7 | 3.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-42769 | 5.3 | 4.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| LOWCVE-2026-42770 | 3.7 | 3.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-42771 | 6.2 | 5.4 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| MEDIUMCVE-2026-42789 | 4.8 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | 7 | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N | CWE-295: Improper Certificate Validation |
| HIGHCVE-2026-42790 | 8.1 | 7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C | 7.6 | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N | CWE-295: Improper Certificate Validation |
| HIGHCVE-2026-42899 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
| HIGHCVE-2026-45445 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | — | — | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| MEDIUMCVE-2026-45446 | 4.8 | 4.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C | — | — | CWE-295: Improper Certificate Validation |
| HIGHCVE-2026-45447 | 8.8 | 7.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-287: Improper Authentication |
| HIGHCVE-2026-45490 | 7.8 | 6.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | — | — | CWE-269: Improper Privilege Management |
| MEDIUMCVE-2026-45491 | 5.5 | 4.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | — | — | CWE-284: Improper Access Control |
| HIGHCVE-2026-45591 | 7.5 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | — | — | CWE-400: Uncontrolled Resource Consumption |
