-
Notifications
You must be signed in to change notification settings - Fork 276
ACK Detected Controllers CVEs #2949
Copy link
Copy link
Closed
Labels
kind/cveCategorizes issue or PR as related to CVE.Categorizes issue or PR as related to CVE.prow/auto-genPRs related to prow auto generation automationPRs related to prow auto generation automation
Description
ack-bot
opened on Jul 3, 2026
Issue body actions
| CVE ID | Type | Severity | Installed Version | Fixed Version | Affected Controllers | Title |
|---|---|---|---|---|---|---|
| CVE-2026-25680 | gobinary | MEDIUM | v0.47.0 | 0.55.0 | ALL | golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing |
| CVE-2026-39824 | gobinary | UNKNOWN | v0.38.0 | 0.44.0 | ALL | Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows |
| CVE-2026-39828 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions |
| CVE-2026-39830 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses |
| CVE-2026-39831 | gobinary | MEDIUM | v0.45.0 | 0.52.0 | [acm] | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ... |
| CVE-2026-39834 | gobinary | MEDIUM | v0.45.0 | 0.52.0 | [acm] | When writing data larger than 4GB in a single Write call on an SSH cha ... |
| CVE-2026-46598 | gobinary | MEDIUM | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input |
| CVE-2026-39821 | gobinary | HIGH | v0.47.0 | 0.55.0 | ALL | golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing |
| CVE-2026-39827 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | An authenticated SSH client that repeatedly opened channels which were ... |
| CVE-2026-39832 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions |
| CVE-2026-46595 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation |
| CVE-2026-25681 | gobinary | HIGH | v0.47.0 | 0.55.0 | ALL | golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting |
| CVE-2026-42502 | gobinary | HIGH | v0.47.0 | 0.55.0 | ALL | Parsing arbitrary HTML which is then rendered using Render can result ... |
| CVE-2026-27136 | gobinary | HIGH | v0.47.0 | 0.55.0 | ALL | golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass |
| CVE-2026-33814 | gobinary | HIGH | v0.47.0 | 0.53.0 | ALL | net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame |
| CVE-2026-42506 | gobinary | MEDIUM | v0.47.0 | 0.55.0 | ALL | golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing |
| CVE-2026-39829 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters |
| CVE-2026-39835 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate |
| CVE-2026-42508 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey |
| CVE-2026-46597 | gobinary | HIGH | v0.45.0 | 0.52.0 | [acm] | An incorrectly placed cast from bytes to int allowed for server-side p ... |
| CVE-2026-39833 | gobinary | MEDIUM | v0.45.0 | 0.52.0 | [acm] | golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation |
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
kind/cveCategorizes issue or PR as related to CVE.Categorizes issue or PR as related to CVE.prow/auto-genPRs related to prow auto generation automationPRs related to prow auto generation automation
Type
Fields
No fields configured for issues without a type.