5.5
CVE-2026-46751
- EPSS 0.32%
- Veröffentlicht 25.06.2026 08:01:00
- Zuletzt bearbeitet 25.06.2026 13:27:40
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service.
A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerApache Software Foundation
≫
Produkt
Apache Kvrocks
Default Statusunaffected
Version <=
2.15.0
Version
2.2.0
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.241 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@apache.org | 5.5 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Green
|
https://lists.apache.org/thread/cjjk4gq1nkb7pooqc37gz0blvdkqgv5z
http://www.openwall.com/lists/oss-security/2026/06/25/3