Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Vulnerabilidades

Con el objetivo de informar, advertir y ayudar a los profesionales sobre las últimas vulnerabilidades de seguridad en sistemas tecnológicos, ponemos a disposición de los usuarios interesados en esta información una base de datos con información en castellano sobre cada una de las últimas vulnerabilidades documentadas y conocidas.

Este repositorio con más de 75.000 registros esta basado en la información de NVD (National Vulnerability Database) – en función de un acuerdo de colaboración – por el cual desde INCIBE realizamos la traducción al castellano de la información incluida. En ocasiones este listado mostrará vulnerabilidades que aún no han sido traducidas debido a que se recogen en el transcurso del tiempo en el que el equipo de INCIBE realiza el proceso de traducción.

Se emplea el estándar de nomenclatura de vulnerabilidades CVE (Common Vulnerabilities and Exposures), con el fin de facilitar el intercambio de información entre diferentes bases de datos y herramientas. Cada una de las vulnerabilidades recogidas enlaza a diversas fuentes de información así como a parches disponibles o soluciones aportadas por los fabricantes y desarrolladores. Es posible realizar búsquedas avanzadas teniendo la opción de seleccionar diferentes criterios como el tipo de vulnerabilidad, fabricante, tipo de impacto entre otros, con el fin de acortar los resultados.

Mediante suscripción RSS o Boletines podemos estar informados diariamente de las últimas vulnerabilidades incorporadas al repositorio.

CVE-2026-47901

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy (CSP), this allows a malicious plugin to execute arbitrary JavaScript in the privileged host context, potentially gaining unauthorized access to filesystem APIs.<br /> While only version v0.10.15 was tested and confirmed as vulnerable, status of other versions is unknown since this issue was not addressed by a patch.
Gravedad CVSS v4.0: MEDIA
Última modificación:
09/06/2026

CVE-2026-46327

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dm: fix unlocked test for dm_suspended_md<br /> <br /> The function dm_blk_report_zones tests if the device is suspended with<br /> the "dm_suspended_md" call. However, this function is called without<br /> holding any locks, so the device may be suspended just after it.<br /> <br /> Move the call to dm_suspended_md after dm_get_live_table, so that the<br /> device can&amp;#39;t be suspended after the suspended state was tested.
Gravedad CVSS v3.1: ALTA
Última modificación:
08/07/2026

CVE-2026-46330

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "net/smc: Introduce TCP ULP support"<br /> <br /> This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40.<br /> <br /> As reported by Al Viro, the TCP ULP support for SMC is fundamentally<br /> broken. The implementation attempts to convert an active TCP socket<br /> into an SMC socket by modifying the underlying `struct file`, dentry,<br /> and inode in-place, which violates core VFS invariants that assume<br /> these structures are immutable for an open file, creating a risk of<br /> use after free errors and general system instability.<br /> <br /> Given the severity of this design flaw and the fact that cleaner<br /> alternatives (e.g., LD_PRELOAD, BPF) exist for legacy application<br /> transparency, the correct course of action is to remove this feature<br /> entirely.
Gravedad CVSS v3.1: ALTA
Última modificación:
08/07/2026

CVE-2026-46332

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> greybus: gb-beagleplay: bound bootloader receive buffering<br /> <br /> cc1352_bootloader_rx() appends each serdev chunk into the fixed<br /> rx_buffer before parsing bootloader packets. The helper can keep<br /> leftover bytes between callbacks and may receive multiple packets in one<br /> callback, so a single count value is not constrained by one packet<br /> length.<br /> <br /> Check that the incoming chunk fits in the remaining receive buffer space<br /> before memcpy(). If it does not, drop the staged data and consume the<br /> bytes instead of overflowing rx_buffer.
Gravedad CVSS v3.1: ALTA
Última modificación:
08/07/2026

CVE-2026-46326

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: pressure: mprls0025pa: fix spi_transfer struct initialisation<br /> <br /> Make sure that the spi_transfer struct is zeroed out before use.
Gravedad CVSS v3.1: ALTA
Última modificación:
08/07/2026

CVE-2026-46325

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE<br /> <br /> The current implementation incorrectly handles memory regions (MRs) with<br /> page sizes different from the system PAGE_SIZE. The core issue is that<br /> rxe_set_page() is called with mr-&gt;page_size step increments, but the<br /> page_list stores individual struct page pointers, each representing<br /> PAGE_SIZE of memory.<br /> <br /> ib_sg_to_page() has ensured that when i&gt;=1 either<br /> a) SG[i-1].dma_end and SG[i].dma_addr are contiguous<br /> or<br /> b) SG[i-1].dma_end and SG[i].dma_addr are mr-&gt;page_size aligned.<br /> <br /> This leads to incorrect iova-to-va conversion in scenarios:<br /> <br /> 1) page_size iova = 0x181800<br /> sg[0]: dma_addr=0x181800, len=0x800<br /> sg[1]: dma_addr=0x173000, len=0x1000<br /> <br /> Access iova = 0x181800 + 0x810 = 0x182010<br /> Expected VA: 0x173010 (second SG, offset 0x10)<br /> Before fix:<br /> - index = (0x182010 &gt;&gt; 12) - (0x181800 &gt;&gt; 12) = 1<br /> - page_offset = 0x182010 &amp; 0xFFF = 0x10<br /> - xarray[1] stores system page base 0x170000<br /> - Resulting VA: 0x170000 + 0x10 = 0x170010 (wrong)<br /> <br /> 2) page_size &gt; PAGE_SIZE (e.g., MR: 64K, system: 4K):<br /> ibmr-&gt;iova = 0x18f800<br /> sg[0]: dma_addr=0x18f800, len=0x800<br /> sg[1]: dma_addr=0x170000, len=0x1000<br /> <br /> Access iova = 0x18f800 + 0x810 = 0x190010<br /> Expected VA: 0x170010 (second SG, offset 0x10)<br /> Before fix:<br /> - index = (0x190010 &gt;&gt; 16) - (0x18f800 &gt;&gt; 16) = 1<br /> - page_offset = 0x190010 &amp; 0xFFFF = 0x10<br /> - xarray[1] stores system page for dma_addr 0x170000<br /> - Resulting VA: system page of 0x170000 + 0x10 = 0x170010 (wrong)<br /> <br /> Yi Zhang reported a kernel panic[1] years ago related to this defect.<br /> <br /> Solution:<br /> 1. Replace xarray with pre-allocated rxe_mr_page array for sequential<br /> indexing (all MR page indices are contiguous)<br /> 2. Each rxe_mr_page stores both struct page* and offset within the<br /> system page<br /> 3. Handle MR page_size != PAGE_SIZE relationships:<br /> - page_size &gt; PAGE_SIZE: Split MR pages into multiple system pages<br /> - page_size
Gravedad CVSS v3.1: CRÍTICA
Última modificación:
08/07/2026

CVE-2026-46329

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> erofs: handle end of filesystem properly for file-backed mounts<br /> <br /> I/O requests beyond the end of the filesystem should be zeroed out,<br /> similar to loopback devices and that is what we expect.
Gravedad CVSS v3.1: MEDIA
Última modificación:
08/07/2026

CVE-2026-46328

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> apparmor: fix rlimit for posix cpu timers<br /> <br /> Posix cpu timers requires an additional step beyond setting the rlimit.<br /> Refactor the code so its clear when what code is setting the<br /> limit and conditionally update the posix cpu timers when appropriate.
Gravedad CVSS v3.1: ALTA
Última modificación:
08/07/2026

CVE-2026-11792

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output.
Gravedad CVSS v3.1: BAJA
Última modificación:
30/06/2026

CVE-2026-11793

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can crash the LDAP server by storing a crafted credential with an oversized algorithm ID. FORTIFY_SOURCE mitigates this to denial of service only.
Gravedad CVSS v3.1: MEDIA
Última modificación:
30/06/2026

CVE-2026-11789

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.
Gravedad CVSS v3.1: MEDIA
Última modificación:
30/06/2026

CVE-2026-11790

Fecha de publicación:
09/06/2026
Idioma:
Inglés
*** Pendiente de traducción *** A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user&amp;#39;s password hash can cause excessive CPU consumption during authentication, resulting in denial of service.
Gravedad CVSS v3.1: MEDIA
Última modificación:
30/06/2026