Skip to content

Commit 4119f0c

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-8xcr-6f99-hm7w GHSA-wg6h-5fm8-5gmj
1 parent d2a3941 commit 4119f0c

2 files changed

Lines changed: 88 additions & 0 deletions

File tree

advisories/unreviewed/2026/03/GHSA-8xcr-6f99-hm7w/GHSA-8xcr-6f99-hm7w.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-8xcr-6f99-hm7w",
4+
"modified": "2026-03-25T09:31:36Z",
5+
"published": "2026-03-25T09:31:36Z",
6+
"aliases": [
7+
"CVE-2026-3608"
8+
],
9+
"details": "Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error.\nThis issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3608"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://downloads.isc.org/isc/kea/2.6.5"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://downloads.isc.org/isc/kea/3.0.3"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://kb.isc.org/docs/cve-2026-3608"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-617"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-03-25T09:16:25Z"
43+
}
44+
}

advisories/unreviewed/2026/03/GHSA-wg6h-5fm8-5gmj/GHSA-wg6h-5fm8-5gmj.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wg6h-5fm8-5gmj",
4+
"modified": "2026-03-25T09:31:36Z",
5+
"published": "2026-03-25T09:31:36Z",
6+
"aliases": [
7+
"CVE-2026-32326"
8+
],
9+
"details": "SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32326"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://global.sharp/corporate/info/product-security/advisory-list/2026-002"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://jvn.jp/en/jp/JVN49524110"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-306"
38+
],
39+
"severity": "MODERATE",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2026-03-25T08:16:22Z"
43+
}
44+
}

0 commit comments

Comments
 (0)