Logo
Retour à la veille

CVE-2026-53303

Publié : 26 juin 2026
Modifié : 26 juin 2026
Lien officiel NVD

Description détaillée

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show() In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation.

Références et Patchs

https://git.kernel.org/stable/c/4b3a1bf4c2ffd4c9595d900ead78c9035894a025https://git.kernel.org/stable/c/5909bedbed38c558bee7cb6758ceedf9bc3a9194https://git.kernel.org/stable/c/cea15f66b7b68b2c50943a6660e0692c6635e4ebhttps://git.kernel.org/stable/c/d0e877810baf613b018fd9747440b9d4d9db1428https://git.kernel.org/stable/c/d3ff0c121bbaef026df6248ab7ef6f0b068b0647https://git.kernel.org/stable/c/ea3ab43a1f3cf2c7cecd75c8be1ee99a5e94a92e

Dernières Vulnérabilités

CVE-2026-55069

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computation speed to recover the administrator password offline. In Kubernetes deployments, a successful crack further enables reading of the cluster ServiceAccount Token and all K8s Secrets, achieving vertical privilege escalation. This vulnerability is fixed in 1.3.24.

VOIR DÉTAILS

CVE-2026-53577

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control bypass that allows any authenticated user to read output files from any other execution within the same tenant, bypassing execution-level and namespace-level isolation. This vulnerability is fixed in 1.0.45 and 1.3.21.

VOIR DÉTAILS

CVE-2026-53576

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authentication filter for the REST API (@Filter("/api/v1/**")) treats any request whose path ends in /configs as the public instance-config endpoint and forwards it without a credential check. kestra addresses its resources by URL path segments that the caller chooses (/api/v1/{tenant}/flows/{namespace}, /api/v1/{tenant}/executions/{namespace}/{id}, /api/v1/{tenant}/namespaces/{namespace}/kv/{key}). An anonymous caller picks the literal configs as the final segment, and the request bypasses Basic-Auth entirely. Because the bypass reaches the flow-create and execution-trigger routes, an unauthenticated caller creates a flow containing a Shell or Process task and runs it. The task executes as root inside the kestra container. The official docker-compose.yml mounts /var/run/docker.sock, so root in the container reaches the host Docker daemon. This vulnerability is fixed in 1.0.45 and 1.3.21.

VOIR DÉTAILS