Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Vulnerabilidades

Con el objetivo de informar, advertir y ayudar a los profesionales sobre las últimas vulnerabilidades de seguridad en sistemas tecnológicos, ponemos a disposición de los usuarios interesados en esta información una base de datos con información en castellano sobre cada una de las últimas vulnerabilidades documentadas y conocidas.

Este repositorio con más de 75.000 registros esta basado en la información de NVD (National Vulnerability Database) – en función de un acuerdo de colaboración – por el cual desde INCIBE realizamos la traducción al castellano de la información incluida. En ocasiones este listado mostrará vulnerabilidades que aún no han sido traducidas debido a que se recogen en el transcurso del tiempo en el que el equipo de INCIBE realiza el proceso de traducción.

Se emplea el estándar de nomenclatura de vulnerabilidades CVE (Common Vulnerabilities and Exposures), con el fin de facilitar el intercambio de información entre diferentes bases de datos y herramientas. Cada una de las vulnerabilidades recogidas enlaza a diversas fuentes de información así como a parches disponibles o soluciones aportadas por los fabricantes y desarrolladores. Es posible realizar búsquedas avanzadas teniendo la opción de seleccionar diferentes criterios como el tipo de vulnerabilidad, fabricante, tipo de impacto entre otros, con el fin de acortar los resultados.

Mediante suscripción RSS o Boletines podemos estar informados diariamente de las últimas vulnerabilidades incorporadas al repositorio.

CVE-2026-57021

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br /> <br /> If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.<br /> <br /> This issue affects Junos OS on SRX Series:<br /> <br /> <br /> * 23.2 versions before 23.2R2-S7,<br /> * 23.4 versions before 23.4R2-S8,<br /> * 24.2 versions before 24.2R2-S4,<br /> * 24.4 versions before 24.4R2-S4,<br /> * 25.2 versions before 25.2R2,<br /> * 25.4 versions before 25.4R1-S1, 25.4R2.
Gravedad CVSS v4.0: MEDIA
Última modificación:
09/07/2026

CVE-2026-57022

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br /> <br /> When an affected device initiates a TCP connection to an attacker-controlled system that responds with a specific packet, this causes a PFE crash and restart, which affects all services until the system has automatically recovered.<br /> This issue can happen among others in the following scenarios: ALG, SSL proxy, UTM, RTLOG, AppQoE probing, AAMW, ICAP, URL filtering.<br /> <br /> This issue affects Junos OS on MX Series with SPC3, SRX5k Series with SPC3, SRX1600 Series, SRX2300 Series, SRX4000 Series, and vSRX Series:<br /> <br /> * all versions before 23.2R2-S4,<br /> * 23.4 versions before 23.4R2-S5,<br /> * 24.2 versions before 24.2R2.
Gravedad CVSS v4.0: ALTA
Última modificación:
09/07/2026

CVE-2026-57023

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service (DoS).<br /> <br /> When TCP proxy is engaged in a flow session, to support ALGs, Advanced Anti-Malware, ICAP or UTM, a TCP packet with specifically malformed TCP header will cause flow processing daemon (flowd) to crash and restart. This causes a complete service outage until the system has automatically recovered.<br /> <br /> <br /> <br /> This issue affects Junos OS on MX with SPC3, and SRX Series: <br /> <br /> <br /> <br /> * 23.4 versions before 23.4R2-S7, <br /> * 24.2 versions before 24.2R2-S4, <br /> * 24.4 versions before 24.4R2-S3,<br /> * 25.2 versions before 25.2R2.<br /> <br /> <br /> <br /> <br /> This issue does not affect releases before 23.4R1.
Gravedad CVSS v4.0: ALTA
Última modificación:
09/07/2026

CVE-2026-57024

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of Juniper Networks Junos OS on MX with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br /> <br /> <br /> <br /> On an MX with SPC3 and SRX devices configured for VPN service, when a large number of VPN negotiations fail a peer index rollover will eventually occur. As a result, new peers are assigned index values that are already in use and the iked process starts to crash repeatedly. This results in failure to establish new VPN connections and rekeying existing ones. To restore service the system must be rebooted.<br /> Please note that the index value can&amp;#39;t be monitored, so customers should monitor tunnel up and down events and if a lot of events occur over an extended period of time it becomes likely that this issue occurs.<br /> <br /> To be exposed to this issue the system needs to run iked (vs. kmd which is not affected), which can be verified with:<br /> <br /> user@host&gt; show system processes extensive | match "KMD|IKED"<br /> This issue affects Junos OS on MX with SPC3, SRX Series:<br /> <br /> <br /> * all versions before 23.2R2-S7,<br /> * 23.4 versions before 23.4R2-S6,<br /> * 24.2 versions before 24.2R2-S3,<br /> * 24.4 versions before 24.4R2-S4,<br /> * 25.2 versions before 25.2R1-S1.
Gravedad CVSS v4.0: MEDIA
Última modificación:
09/07/2026

CVE-2026-57025

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).<br /> <br /> On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific &amp;#39;show l2-learning&amp;#39; command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.<br /> <br /> This issue affects EX Series, QFX Series, MX Series:<br /> Junos OS:<br /> <br /> <br /> * all versions before 23.2R2-S7,<br /> * 23.4 versions before 23.4R2-S7,<br /> * 24.2 versions before 24.2R2,<br /> * 24.4 versions before 24.4R1-S2.<br /> <br /> <br /> <br /> Junos OS Evolved:<br /> * all versions before 23.2R2-S7-EVO,<br /> * 23.4 versions before 23.4R2-S8-EVO,<br /> * 24.2 versions before 24.2R2-EVO,<br /> * 24.4 versions before 24.4R1-S3-EVO.
Gravedad CVSS v4.0: MEDIA
Última modificación:
09/07/2026

CVE-2026-57026

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If the SIP ALG is enabled on an affected device, the processing of a malformed SIP invite packet will cause a flow processing daemon (flowd) crash and restart. This leads to a complete service outage until the system has automatically recovered.<br /> <br /> <br /> <br /> This issue affects Junos OS on MX Series with SPC3 and SRX Series:<br /> <br /> <br /> * all versions before 23.2R2-S7,<br /> * 23.4 versions before 23.4R2-S8,<br /> * 24.2 versions before 24.2R2-S5,<br /> * 24.4 versions before 24.4R2-S4,<br /> * 25.2 versions before 25.2R2,<br /> * 25.4 versions before 25.4R1-S2.
Gravedad CVSS v4.0: ALTA
Última modificación:
09/07/2026

CVE-2026-55424

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a topic "featured link" was not sufficiently normalized and escaped before being rendered in the topic list, allowing a user who can set a featured link to inject JavaScript when default Content Security Policy protections were modified or disabled. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.
Gravedad CVSS v4.0: ALTA
Última modificación:
09/07/2026

CVE-2026-55604

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.7.0, the process-global `SessionStore` accepts caller-supplied `session_id` values without binding them to any authenticated principal or transport session. An attacker can enumerate active session IDs via `deepseek_sessions`, then reuse a victim-controlled `session_id` in `deepseek_chat` to retrieve and continue the victim&amp;#39;s conversation context. Version 1.7.0 contains a patch.
Gravedad CVSS v3.1: ALTA
Última modificación:
09/07/2026

CVE-2026-55689

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA&amp;#39;s OIDC authenticator skipped JWT audience validation when authn.method was set to oidc, authn.oidc.issuer was configured, and authn.oidc.audience was not set, allowing a token minted for an unrelated service by the same identity provider to authenticate to OpenFGA. This issue is fixed in 1.18.0.
Gravedad CVSS v3.1: MEDIA
Última modificación:
09/07/2026

CVE-2026-55605

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of `@arikusi/deepseek-mcp-server` exposes `POST /mcp` without any authentication: `createMcpExpressApp` is called without an `authProvider` and no middleware guards the route, so any network-reachable client can issue an unauthenticated `initialize` request and obtain a valid MCP session identifier. In reproduced testing against commit `5e1302171e99`, an unauthenticated client was able to initialize a session, enumerate tools, and invoke the local `deepseek_sessions` tool with no credentials. The same unauthenticated session also exposes `deepseek_chat`, whose handler uses the server-side `DEEPSEEK_API_KEY` when self-hosted deployments configure one. This issue applies to self-hosted HTTP mode, not the separately documented hosted BYOK endpoint in `README.md`, which expects an `Authorization: Bearer ...` header. Upstream self-hosted container assets enable HTTP mode by default (`Dockerfile`) and publish port `3000` (`docker-compose.yml`). Version 1.8.0 contains a patch for this issue.
Gravedad CVSS v3.1: MEDIA
Última modificación:
10/07/2026

CVE-2026-57019

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> <br /> When a specific packet is received from device in the same broadcast domain, an affected system calculates the packet size incorrectly. This causes further packet processing to fail, which triggers an FPC major error, resulting in a FPC reset impacting traffic until the FPC has automatically recovered.<br /> <br /> Affected scenarios are: MAP-T, or non-IP traffic encapsulated in IP (e.g. MPLS over GRE).<br /> <br /> When this issue happens the following logs can be observed:<br /> <br /> fpc CMError: /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb), scope: pfe, category: functional, severity: major, module: MQSS(0), type: LI: Unroll TAIL length overflow, oc_category: default<br /> fpc Performing action reset-fru for error /fpc/0/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_LI_INT_REG_UNROLL_TAIL_LENGTH_OVF (0x2205eb) in module: MQSS(0) with scope: pfe category: functional level: major, oc_category: default<br /> <br /> <br /> <br /> <br /> This issue affects Junos OS on MX Series:<br /> <br /> <br /> * all versions before 23.2R2-S6,<br /> * 23.4 versions before 23.4R2-S7,<br /> * 24.2 versions before 24.2R2-S4,<br /> * 24.4 versions before 24.4R2-S4,<br /> * 25.2 versions before 25.2R2.
Gravedad CVSS v4.0: ALTA
Última modificación:
10/07/2026

CVE-2026-57020

Fecha de publicación:
09/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on QFX10000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).<br /> <br /> On all QFX10000 platforms in an EVPN-VxLAN scenario, if an attacker sends IPv6 multicast traffic and these packets reach the non-IRB interface of a spine switch it floods the packet to other spines and all Ethernet Segment Identifier (ESI) leaf switches. This flooding causes the packet to be forwarded in a endless loop, which can lead to saturation of the involved links and in turn impact to legitimate traffic.<br /> <br /> <br /> <br /> This issue affects Junos OS on QFX10000 Series:<br /> <br /> <br /> * all versions before 23.2R2-S7,<br /> * 23.4 versions before 23.4R2-S8,<br /> * 24.2 versions before 24.2R2-S4,<br /> * 24.4 versions before 24.4R2-S4.<br /> <br /> <br /> <br /> This issue does not affect Junos version after 24.4 as the QFX10000 Series devices are not supported on newer versions anymore.
Gravedad CVSS v4.0: ALTA
Última modificación:
10/07/2026