Canonical

Vendor security scorecard – 24 CVEs in the selected period

Risk: 120
CVEs: 24
Critical: 6
High: 13
KEV: 0
PoC: 1
Unpatched C/H: 0
Patch Rate: 95.8%
Avg EPSS: 0.0%

Severity Breakdown

CRITICAL: 6
HIGH: 13
MEDIUM: 5
LOW: 0

Monthly CVE Trend

Top Risky CVEs

CVE-2026-33309 | Severity: CRITICAL | CVSS: 9.9 | EPSS: 0.1% | Priority: 70 | Signals: PoC
Summary: An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

CVE-2026-32731 | Severity: CRITICAL | CVSS: 9.9 | EPSS: 0.1% | Priority: 50 | Signals: (none)
Summary: Path traversal in the ApostropheCMS import-export module allows authenticated users with content modification permissions to write files outside the intended export directory via malicious archive entries containing directory traversal sequences. An attacker with editor-level access can exploit this vulnerability to overwrite arbitrary files on the system, rated CVSS 9.9 critical severity. No patch is currently available for this vulnerability affecting Node.js environments.

CVE-2026-34177 | Severity: CRITICAL | CVSS: 9.1 | EPSS: 0.1% | Priority: 46 | Signals: (none)
Summary: Privilege escalation in Canonical LXD 4.12 through 6.7 allows authenticated remote attackers with VM instance editing rights to bypass project restrictions via incomplete denylist validation. Attackers inject AppArmor rules and QEMU chardev configurations through the unblocked raw.apparmor and raw.qemu.conf keys, bridging the LXD Unix socket into guest VMs. Successful exploitation enables escalation to LXD cluster administrator and subsequently to host root access. No public exploit identified at time of analysis. Authenticated remote exploitation (PR:H) with cross-scope impact on confidentiality, integrity, and availability.

CVE-2026-34179 | Severity: CRITICAL | CVSS: 9.1 | EPSS: 0.1% | Priority: 46 | Signals: (none)
Summary: Privilege escalation in Canonical LXD 4.12 through 6.7 enables remote authenticated restricted TLS certificate users to gain cluster admin privileges. Exploitation requires high-privilege authentication (PR:H) but no user interaction. The vulnerability stems from missing Type field validation in the doCertificateUpdate function when processing PUT/PATCH requests to the certificates API endpoint. Attack scope is changed (S:C), allowing attackers to break containment and achieve full cluster compromise with high impact to confidentiality, integrity, and availability. No public exploit identified at time of analysis.

CVE-2026-34178 | Severity: CRITICAL | CVSS: 9.1 | EPSS: 0.0% | Priority: 46 | Signals: (none)
Summary: Backup import in Canonical LXD before 6.8 bypasses project security restrictions, enabling privilege escalation to full host compromise. An authenticated remote attacker with instance-creation permission in a restricted project crafts malicious backup archives containing conflicting configuration files: backup/index.yaml passes validation, while backup/container/backup.yaml (never validated) carries forbidden directives like security.privileged=true or raw.lxc commands. Exploiting this dual-file validation gap allows unrestricted container creation that breaks isolation boundaries. No public exploit identified at time of analysis.

CVE-2026-33186 | Severity: CRITICAL | CVSS: 9.1 | EPSS: 0.0% | Priority: 46 | Signals: (none)
Summary: An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTTP/2 requests with malformed :path pseudo-headers that omit the mandatory leading slash (e.g., 'Service/Method' instead of '/Service/Method'). This affects gRPC-Go servers using path-based authorization interceptors like google.golang.org/grpc/authz with deny rules for canonical paths but fallback allow rules. The vulnerability has a CVSS score of 9.1 (Critical) with network-based exploitation requiring no privileges or user interaction, enabling attackers to access restricted services and potentially exfiltrate or modify sensitive data.

CVE-2026-22665 | Severity: HIGH | CVSS: 8.6 | EPSS: 0.0% | Priority: 43 | Signals: (none)
Summary: Identity confusion in prompts.chat (prior to commit 1464475) enables authenticated attackers to impersonate users and hijack profile URLs by creating case-variant usernames (e.g., 'Alice' vs 'alice'). Inconsistent case handling between write and read operations allows bypass of uniqueness validation, letting attackers inject malicious content on canonical victim profiles. EPSS data not available; no public exploit identified at time of analysis, though attack complexity is low (CVSS:4.0 AC:L), requiring only low-privilege access (PR:L). VulnCheck disclosed this vulnerability; the vendor patch was released via a GitHub commit.

CVE-2026-35525 | Severity: HIGH | CVSS: 8.2 | EPSS: 0.1% | Priority: 41 | Signals: (none)
Summary: Path traversal via symlink in the LiquidJS npm package allows authenticated template contributors to read arbitrary filesystem content outside configured template roots. The vulnerability affects applications where untrusted users can influence template directories (uploaded themes, extracted archives, repository-controlled templates). LiquidJS validates template paths using string-based directory containment checks but fails to resolve canonical filesystem paths before file access, enabling symlinks placed within allowed partials/layouts directories to reference external files. Publicly available exploit code exists. No EPSS score available, but impact is limited to information disclosure in specific deployment scenarios requiring attacker filesystem access.

CVE-2026-30914 | Severity: HIGH | CVSS: 8.1 | EPSS: 0.1% | Priority: 41 | Signals: (none)
Summary: SFTPGo versions prior to 2.7.1 contain a path normalization vulnerability (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that allows authenticated attackers to bypass folder-level permissions and escape Virtual Folder boundaries through crafted file paths. An attacker with valid credentials can exploit this authorization bypass to access files and directories beyond their intended scope. The vulnerability has been patched in version 2.7.1 with strict edge-level path normalization, and while no public PoC or KEV status has been disclosed, the CVSS 5.3 (network-accessible, low complexity) and requirement for prior authentication suggest this is a real but moderate-priority issue.

CVE-2026-23171 | Severity: HIGH | CVSS: 7.8 | EPSS: 0.0% | Priority: 39 | Signals: (none)
Summary: The Linux kernel bonding driver contains a use-after-free vulnerability in the slave device initialization path that allows local attackers with user privileges to cause memory corruption or denial of service. The flaw occurs when slave array updates happen before XDP setup completion, enabling the new slave to be used for transmission before being freed by error cleanup handlers. This affects Debian, Ubuntu, and other Linux distributions running vulnerable kernel versions.

CVE-2026-35409 | Severity: HIGH | CVSS: 7.7 | EPSS: 0.0% | Priority: 38 | Signals: (none)
Summary: Server-Side Request Forgery (SSRF) in the Directus headless CMS allows authenticated attackers (or unauthenticated users with public file-import permissions) to bypass IP address deny-list protections and access internal network resources. Attackers exploit IPv4-mapped IPv6 address notation (e.g., ::ffff:127.0.0.1) to circumvent validation logic, enabling unauthorized requests to localhost services, internal databases, caches, APIs, and cloud instance metadata endpoints (AWS/GCP/Azure IMDS). With CVSS 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) indicating low attack complexity, network accessibility, and scope change with high confidentiality impact, this represents a significant risk for data exfiltration from cloud environments and internal infrastructure. No public exploit identified at time of analysis, though the technical details in the advisory provide clear exploitation guidance.

CVE-2026-29181 | Severity: HIGH | CVSS: 7.5 | EPSS: 0.0% | Priority: 38 | Signals: (none)
Summary: Resource exhaustion in the OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger severe CPU and memory amplification via crafted HTTP baggage headers. The vulnerability allows unauthenticated attackers to send multiple baggage header lines that bypass the 8192-byte per-value parse limit by triggering repeated parsing operations, achieving 77x memory amplification (10.3MB vs 133KB per request) in vendor-provided proof-of-concept testing. Vendor-released patch available in v1.41.0. EPSS data not available; no confirmed active exploitation (not in CISA KEV); publicly available exploit code exists (vendor-provided PoC demonstrating 77x amplification).

CVE-2026-33895 | Severity: HIGH | CVSS: 7.5 | EPSS: 0.0% | Priority: 38 | Signals: (none)
Summary: The digitalbazaar/forge npm package accepts forged Ed25519 signatures due to missing scalar canonicalization checks, allowing authentication and authorization bypass in applications that rely on signature uniqueness. All versions since the Ed25519 implementation are affected (confirmed through version 1.3.3), identified as pkg:npm/node-forge. Publicly available exploit code exists with a complete proof-of-concept demonstrating how attackers can create multiple valid signatures for the same message by adding the group order L to the scalar component S, bypassing deduplication, replay protection, and signed-object canonicalization checks. The vendor has released a patch via commit bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85.

CVE-2026-33894 | Severity: HIGH | CVSS: 7.5 | EPSS: 0.0% | Priority: 38 | Signals: (none)
Summary: Signature forgery in the node-forge npm package (all versions through v1.3.3) allows remote attackers to bypass RSASSA PKCS#1 v1.5 signature verification for RSA keys using a low public exponent (e=3). Attackers can construct Bleichenbacher-style forged signatures by injecting malicious ASN.1 content within DigestInfo structures and exploiting missing padding length validation, enabling authentication bypass in systems relying on forge for cryptographic verification. Proof-of-concept code demonstrates successful forgery against forge while OpenSSL correctly rejects the same signature. CVSS score 7.5 (High) with network attack vector, low complexity, and no privileges required. No public exploit identified at time of analysis beyond the research PoC.

CVE-2026-35172 | Severity: HIGH | CVSS: 7.5 | EPSS: 0.0% | Priority: 38 | Signals: (none)
Summary: Repository-scoped authorization bypass in the distribution container registry allows restored read access to explicitly deleted blobs when Redis caching is enabled. Affects distribution/distribution v2.8.x and v3.0.x when both storage.cache.blobdescriptor: redis and storage.delete.enabled: true are configured. Unauthenticated remote attackers can retrieve sensitive content deleted from repo A after repo B repopulates the shared Redis descriptor cache, exposing confidential data that operators believed was permanently revoked. CVSS 7.5 (High). Publicly available exploit code exists with a deterministic PoC demonstrating the state-machine race condition. EPSS data not provided, but the low attack complexity (AC:L) and no privilege requirement (PR:N) indicate straightforward exploitation once the vulnerable configuration is identified.
