Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-9151
Publication date:
10/06/2026
An OS<br /> command injection vulnerability exists in the VPN module of TP-Link Archer AX12<br /> v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an<br /> adjacent, authenticated attacker to execute arbitrary commands on the device by<br /> importing a specially crafted VPN client configuration file. The issue stems<br /> from improper filtering of special characters. <br /> <br /> <br /> <br /> <br /> <br /> Successful<br /> exploitation of this vulnerability may enable an attacker to gain full control<br /> of the affected device, potentially compromising configuration integrity,<br /> network security, and service availability.
Severity CVSS v4.0: HIGH
Last modification:
10/06/2026

CVE-2026-50566
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability containers in the Fission function or builder namespace, scheduled under the executor&amp;#39;s high-privilege service account — enabling container-sandbox escape, host filesystem and network access, and potential node- and cluster-level compromise. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50567
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry name with the destination directory via filepath.Join and wrote the result without checking whether the resolved path stayed under the destination. A zip entry named ../../tmp/evil therefore landed at /tmp/evil. An attacker who could control a Package.Spec.Source.URL or Deployment.URL archive could induce the fetcher (running as the per-environment pod&amp;#39;s fission-fetcher sidecar) to write files anywhere that process could reach: into other tenants&amp;#39; /packages// directories, into mounted secret/config volumes, or into the fetcher&amp;#39;s own binary. This issue has been patched in version 1.25.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50568
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefix(path, safedir). This is a lexical check, not a directory boundary check: /packages-extra/evil starts with /packages, so it passed. The function did not enforce a path-separator boundary, so any sibling directory whose name began with the safe-directory string was accepted. Callers included the builder&amp;#39;s Clean handler (pkg/builder/builder.go:208) and the fetcher&amp;#39;s Fetch / Upload handlers (pkg/fetcher/fetcher.go). A tenant who could pre-create or control a sibling directory under the fetcher / builder&amp;#39;s shared volume could induce a write or read outside the intended safe directory. This issue has been patched in version 1.25.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50569
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeURL and Prefix. Those two fields were validated at the CLI level only (pkg/fission-cli/cmd/httptrigger/create.go:83). The post-CRD-modernization webhook for HTTPTrigger was retired in favor of API-server CEL — and CEL had no rules on those fields either — so an HTTPTrigger created via kubectl apply or a direct Kubernetes REST API call bypassed every URL-level check. This issue has been patched in version 1.25.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50570
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs (ValidatePodSpecSafety / ValidateContainerSafety admission webhook + sanitizeContainerSecurityContext executor merge layer), but the capability check was implemented as a fixed denylist of six Linux capabilities (SYS_ADMIN, NET_ADMIN, SYS_PTRACE, SYS_MODULE, DAC_READ_SEARCH, DAC_OVERRIDE). The denylist omitted CAP_SYS_TIME, among others. As a result, a tenant who could create a Function or Environment CRD could request securityContext.capabilities.add: ["SYS_TIME"], pass Fission&amp;#39;s admission validation and merge-layer sanitization, and run attacker-controlled code with CAP_SYS_TIME in the resulting function or runtime container. This issue has been patched in version 1.25.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50545
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50563
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission&amp;#39;s Container Executor path lets a tenant supply Function.spec.podspec directly; the executor merges it into the executor-built podspec and creates a Deployment whose pods run the user&amp;#39;s container image. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-50565
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-49821
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission&amp;#39;s buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-49822
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger (KWT) in their own namespace was able to establish a persistent surveillance channel over any other namespace. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-49823
Publication date:
10/06/2026
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. This issue has been patched in version 1.24.0.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026
Subscribe to Vulnerabilities