CVE-2026-6968
- EPSS 0.08%
- Veröffentlicht 24.04.2026 19:44:44
- Zuletzt bearbeitet 06.05.2026 15:36:48
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked...
CVE-2026-6967
- EPSS 0.02%
- Veröffentlicht 24.04.2026 19:41:43
- Zuletzt bearbeitet 06.05.2026 15:32:38
Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF specification integrity checks for delegated targ...
CVE-2026-6966
- EPSS 0.02%
- Veröffentlicht 24.04.2026 19:38:24
- Zuletzt bearbeitet 06.05.2026 15:24:56
Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causi...