3.7
CVE-2026-56355
- EPSS 0.35%
- Veröffentlicht 20.06.2026 20:08:05
- Zuletzt bearbeitet 22.06.2026 20:43:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGNU
≫
Produkt
Savane
Default Statusunaffected
Version <=
3.17
Version
3.14
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.266 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-696 Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
https://cgit.git.savannah.gnu.org/cgit/administration/savane.git/tree/frontend/php/file.php?h=release-3.17#n113
https://cgit.git.savannah.gnu.org/cgit/administration/savane.git/tree/frontend/php/file.php?h=release-3.17#n123
https://www.fsf.org/news/statement-regarding-gnu-savannah-security-reports
https://www.hacktron.ai
https://www.mallory.ai/stories/019ee445-bdd4-7775-93b5-a8faaf5c2eb7
https://news.ycombinator.com/item?id=48605220