Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-40958

Summary
Assigner-Absolute
Assigner Org ID-b6533044-ea05-4482-8458-7bddeca0d079
Published At-15 Jul, 2026 | 20:02
Updated At-16 Jul, 2026 | 13:11
Rejected At-
Credits

Input validation error in Secure Access clients prior to 14.55

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Absolute
Assigner Org ID:b6533044-ea05-4482-8458-7bddeca0d079
Published At:15 Jul, 2026 | 20:02
Updated At:16 Jul, 2026 | 13:11
Rejected At:
▼CVE Numbering Authority (CNA)
Input validation error in Secure Access clients prior to 14.55

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.

Affected Products
Vendor
Absolute Software CorporationAbsolute Security
Product
Secure Access
Default Status
unaffected
Versions
Affected
  • From 0 before 14.55 (Client)
Metrics
VersionBase scoreBase severityVector
4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958
N/A
Hyperlink: https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:SecurityResponse@netmotionsoftware.com
Published At:15 Jul, 2026 | 20:17
Updated At:16 Jul, 2026 | 14:16

CVE-2026-40958 is a input validation error in Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.3LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.13.7LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
N/A
Type: Secondary
Version: 4.0
Base score: 2.3
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 3.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Absolute Software Corporation
absolute
>>secure_access>>Versions before 14.55(exclusive)
cpe:2.3:a:absolute:secure_access:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958SecurityResponse@netmotionsoftware.com
Vendor Advisory
Hyperlink: https://www.absolute.com/platform/security-information/vulnerability-archive/cve-2026-40958
Source: SecurityResponse@netmotionsoftware.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

14Records found

CVE-2026-55398
Matching Score-8
Assigner-Absolute Software
ShareView Details
Matching Score-8
Assigner-Absolute Software
CVSS Score-6.9||MEDIUM
EPSS-0.25% / 16.63%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 20:17
Updated-16 Jul, 2026 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory management vulnerability in Secure Access clients

CVE-2026-55398 is a memory management vulnerability in Secure Access clients and servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server.

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2026-40954
Matching Score-8
Assigner-Absolute Software
ShareView Details
Matching Score-8
Assigner-Absolute Software
CVSS Score-2.1||LOW
EPSS-0.20% / 10.09%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 19:44
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer underflow in Secure Access clients prior to 14.55

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-40955
Matching Score-8
Assigner-Absolute Software
ShareView Details
Matching Score-8
Assigner-Absolute Software
CVSS Score-2.1||LOW
EPSS-0.20% / 10.09%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 19:50
Updated-16 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer underflow vulnerability in Secure Access clients

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client.

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-33444
Matching Score-8
Assigner-Absolute Software
ShareView Details
Matching Score-8
Assigner-Absolute Software
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 23.17%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 20:10
Updated-16 Jul, 2026 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory management vulnerability in Secure Access servers

CVE-2026-33444 is a memory management vulnerability in Secure Access servers prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against the server.

Action-Not Available
Vendor-Absolute SecutityAbsolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-37346
Matching Score-6
Assigner-Absolute Software
ShareView Details
Matching Score-6
Assigner-Absolute Software
CVSS Score-4.9||MEDIUM
EPSS-0.40% / 32.28%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 16:51
Updated-07 Aug, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06

There is an insufficient input validation vulnerability in the Warehouse component of Absolute Secure Access prior to 13.06. Attackers with system administrator permissions can impair the availability of certain elements of the Secure Access administrative UI by writing invalid data to the warehouse over the network. There is no loss of warehouse integrity or confidentiality, the security scope is unchanged. Loss of availability is high.

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59595
Matching Score-6
Assigner-Absolute Software
ShareView Details
Matching Score-6
Assigner-Absolute Software
CVSS Score-8.2||HIGH
EPSS-0.33% / 25.06%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 22:46
Updated-08 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVE-2025-59595 is an internally discovered denial of service vulnerability in versions of Secure Access prior to 14.12. An attacker can send a specially crafted packet to a server in a non-default configuration and cause the server to crash.

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-20
Improper Input Validation
CVE-2025-59596
Matching Score-6
Assigner-Absolute Software
ShareView Details
Matching Score-6
Assigner-Absolute Software
CVSS Score-6||MEDIUM
EPSS-0.20% / 9.66%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 22:51
Updated-10 Feb, 2026 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVE-2025-59596 is a denial-of-service vulnerability in Secure Access Windows client versions 12.0 to 14.10 that is addressed in version 14.12. If a local networking policy is active, attackers on an adjacent network may be able to send a crafted packet and cause the client system to crash.

Action-Not Available
Vendor-Absolute Software Corporation
Product-secure_accessSecure Access
CWE ID-CWE-20
Improper Input Validation
CVE-2025-49081
Matching Score-6
Assigner-Absolute Software
ShareView Details
Matching Score-6
Assigner-Absolute Software
CVSS Score-6.9||MEDIUM
EPSS-0.41% / 33.22%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 17:25
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input validation vulnerability in the Secure Access prior to version 13.55

There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse over the network. The attack complexity is low, there are no attack requirements, privileges required are high, and there is no user interaction required. There is no impact on confidentiality or integrity; the impact on availability is high.

Action-Not Available
Vendor-Absolute Software Corporation
Product-Secure Access
CWE ID-CWE-20
Improper Input Validation
CVE-2022-29562
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-3.7||LOW
EPSS-0.75% / 50.71%
||
7 Day CHG+0.18%
Published-11 Jul, 2023 | 09:07
Updated-12 Nov, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.

Action-Not Available
Vendor-Siemens AG
Product-ruggedcom_rox_mx5000reruggedcom_rox_rx1511ruggedcom_rox_rx1512_firmwareruggedcom_rox_rx1512ruggedcom_rox_mx5000_firmwareruggedcom_rox_rx1511_firmwareruggedcom_rox_rx1510ruggedcom_rox_rx1400_firmwareruggedcom_rox_rx1400ruggedcom_rox_rx1510_firmwareruggedcom_rox_rx1500ruggedcom_rox_rx1524_firmwareruggedcom_rox_rx5000ruggedcom_rox_rx1501ruggedcom_rox_rx1536ruggedcom_rox_mx5000ruggedcom_rox_rx1536_firmwareruggedcom_rox_rx1524ruggedcom_rox_rx1500_firmwareruggedcom_rox_mx5000re_firmwareruggedcom_rox_rx1501_firmwareruggedcom_rox_rx5000_firmwareRUGGEDCOM ROX MX5000RERUGGEDCOM ROX RX1511RUGGEDCOM ROX RX1536RUGGEDCOM ROX RX1400RUGGEDCOM ROX RX1501RUGGEDCOM ROX RX1500RUGGEDCOM ROX RX5000RUGGEDCOM ROX MX5000RUGGEDCOM ROX RX1524RUGGEDCOM ROX RX1510RUGGEDCOM ROX RX1512
CWE ID-CWE-20
Improper Input Validation
CVE-2018-1000002
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-1.08% / 61.37%
||
7 Day CHG~0.00%
Published-22 Jan, 2018 | 18:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

Action-Not Available
Vendor-nicn/a
Product-knot_resolvern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25471
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.7||LOW
EPSS-0.39% / 30.77%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:08
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2026-2391
Matching Score-4
Assigner-7ffcee3d-2c14-4c3e-b844-86c6a321a158
ShareView Details
Matching Score-4
Assigner-7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score-6.3||MEDIUM
EPSS-0.48% / 38.11%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 04:39
Updated-24 Feb, 2026 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
qs's arrayLimit bypass in comma parsing allows denial of service

### Summary The `arrayLimit` option in qs does not enforce limits for comma-separated values when `comma: true` is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in GHSA-6rw7-vpxm-498p (CVE-2025-15284). ### Details When the `comma` option is set to `true` (not the default, but configurable in applications), qs allows parsing comma-separated strings as arrays (e.g., `?param=a,b,c` becomes `['a', 'b', 'c']`). However, the limit check for `arrayLimit` (default: 20) and the optional throwOnLimitExceeded occur after the comma-handling logic in `parseArrayValue`, enabling a bypass. This permits creation of arbitrarily large arrays from a single parameter, leading to excessive memory allocation. **Vulnerable code** (lib/parse.js: lines ~40-50): ```js if (val && typeof val === 'string' && options.comma && val.indexOf(',') > -1) {     return val.split(','); } if (options.throwOnLimitExceeded && currentArrayLength >= options.arrayLimit) {     throw new RangeError('Array limit exceeded. Only ' + options.arrayLimit + ' element' + (options.arrayLimit === 1 ? '' : 's') + ' allowed in an array.'); } return val; ``` The `split(',')` returns the array immediately, skipping the subsequent limit check. Downstream merging via `utils.combine` does not prevent allocation, even if it marks overflows for sparse arrays.This discrepancy allows attackers to send a single parameter with millions of commas (e.g., `?param=,,,,,,,,...`), allocating massive arrays in memory without triggering limits. It bypasses the intent of `arrayLimit`, which is enforced correctly for indexed (`a[0]=`) and bracket (`a[]=`) notations (the latter fixed in v6.14.1 per GHSA-6rw7-vpxm-498p). ### PoC **Test 1 - Basic bypass:** ``` npm install qs ``` ```js const qs = require('qs'); const payload = 'a=' + ','.repeat(25); // 26 elements after split (bypasses arrayLimit: 5) const options = { comma: true, arrayLimit: 5, throwOnLimitExceeded: true }; try {   const result = qs.parse(payload, options);   console.log(result.a.length); // Outputs: 26 (bypass successful) } catch (e) {   console.log('Limit enforced:', e.message); // Not thrown } ``` **Configuration:** - `comma: true` - `arrayLimit: 5` - `throwOnLimitExceeded: true` Expected: Throws "Array limit exceeded" error. Actual: Parses successfully, creating an array of length 26. ### Impact Denial of Service (DoS) via memory exhaustion.

Action-Not Available
Vendor-qs_project
Product-qs
CWE ID-CWE-20
Improper Input Validation
CVE-2025-15284
Matching Score-4
Assigner-7ffcee3d-2c14-4c3e-b844-86c6a321a158
ShareView Details
Matching Score-4
Assigner-7ffcee3d-2c14-4c3e-b844-86c6a321a158
CVSS Score-6.3||MEDIUM
EPSS-0.41% / 33.20%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 22:56
Updated-26 Feb, 2026 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations. Note: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly. Details The arrayLimit option only checked limits for indexed notation (a[0]=1&a[1]=2) but did not enforce it for bracket notation (a[]=1&a[]=2). Vulnerable code (lib/parse.js:159-162): if (root === '[]' && options.parseArrays) { obj = utils.combine([], leaf); // No arrayLimit check } Working code (lib/parse.js:175): else if (index <= options.arrayLimit) { // Limit checked here obj = []; obj[index] = leaf; } The bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays. PoC const qs = require('qs'); const result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 }); console.log(result.a.length); // Output: 6 (should be max 5) Note on parameterLimit interaction: The original advisory's "DoS demonstration" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000. Impact Consistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.

Action-Not Available
Vendor-qs_project
Product-qs
CWE ID-CWE-20
Improper Input Validation
CVE-2022-35252
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-3.7||LOW
EPSS-1.84% / 76.56%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

Action-Not Available
Vendor-n/aCURLSplunk LLC (Cisco Systems, Inc.)Apple Inc.NetApp, Inc.Debian GNU/Linux
Product-h410smacosdebian_linuxh500s_firmwarehci_compute_nodeh700s_firmwarecurlsolidfirebootstrap_osh410s_firmwareh700sh300s_firmwareh500suniversal_forwarderelement_softwareclustered_data_ontaph300shci_management_nodehttps://github.com/curl/curl
CWE ID-CWE-20
Improper Input Validation
Details not found