Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Vulnerabilidades

Con el objetivo de informar, advertir y ayudar a los profesionales sobre las últimas vulnerabilidades de seguridad en sistemas tecnológicos, ponemos a disposición de los usuarios interesados en esta información una base de datos con información en castellano sobre cada una de las últimas vulnerabilidades documentadas y conocidas.

Este repositorio con más de 75.000 registros esta basado en la información de NVD (National Vulnerability Database) – en función de un acuerdo de colaboración – por el cual desde INCIBE realizamos la traducción al castellano de la información incluida. En ocasiones este listado mostrará vulnerabilidades que aún no han sido traducidas debido a que se recogen en el transcurso del tiempo en el que el equipo de INCIBE realiza el proceso de traducción.

Se emplea el estándar de nomenclatura de vulnerabilidades CVE (Common Vulnerabilities and Exposures), con el fin de facilitar el intercambio de información entre diferentes bases de datos y herramientas. Cada una de las vulnerabilidades recogidas enlaza a diversas fuentes de información así como a parches disponibles o soluciones aportadas por los fabricantes y desarrolladores. Es posible realizar búsquedas avanzadas teniendo la opción de seleccionar diferentes criterios como el tipo de vulnerabilidad, fabricante, tipo de impacto entre otros, con el fin de acortar los resultados.

Mediante suscripción RSS o Boletines podemos estar informados diariamente de las últimas vulnerabilidades incorporadas al repositorio.

CVE-2026-45848

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> apparmor: fix NULL sock in aa_sock_file_perm<br /> <br /> Deal with the potential that sock and sock-sk can be NULL during<br /> socket setup or teardown. This could lead to an oops. The fix for NULL<br /> pointer dereference in __unix_needs_revalidation shows this is at<br /> least possible for af_unix sockets. While the fix for af_unix sockets<br /> applies for newer mediation this is still the fall back path for older<br /> af_unix mediation and other sockets, so ensure it is covered.
Gravedad: Pendiente de análisis
Última modificación:
27/05/2026

CVE-2026-45849

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()<br /> <br /> ocelot_port_xmit_inj() calls ocelot_can_inject() and<br /> ocelot_port_inject_frame() without holding the injection group lock.<br /> Both functions contain lockdep_assert_held() for the injection lock,<br /> and the correct caller felix_port_deferred_xmit() properly acquires<br /> the lock using ocelot_lock_inj_grp() before calling these functions.<br /> <br /> Add ocelot_lock_inj_grp()/ocelot_unlock_inj_grp() around the register<br /> injection path to fix the missing lock protection. The FDMA path is not<br /> affected as it uses its own locking mechanism.
Gravedad: Pendiente de análisis
Última modificación:
27/05/2026

CVE-2026-45850

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipvs: skip ipv6 extension headers for csum checks<br /> <br /> Protocol checksum validation fails for IPv6 if there are extension<br /> headers before the protocol header. iph-&gt;len already contains its<br /> offset, so use it to fix the problem.
Gravedad: Pendiente de análisis
Última modificación:
27/05/2026

CVE-2026-42791

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid.<br /> <br /> OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the validity period (notBefore/notAfter) of the OCSP responder certificate. An attacker who has obtained the private key of an expired CA-designated OCSP responder certificate can forge OCSP responses that Erlang/OTP accepts as valid.<br /> <br /> This affects TLS clients using OCSP stapling via the ssl application: a malicious or compromised server can present a revoked TLS certificate together with a forged OCSP response signed by an expired responder key, and the client will accept the revoked certificate as valid. It also affects applications calling public_key:pkix_ocsp_validate/5 directly, where the impact depends on the use case — server-side client certificate validation using this API may allow authentication bypass with a revoked client certificate.<br /> <br /> This issue affects OTP from OTP 27.0 before OTP 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.16 before 1.17.1.3, 1.20.3.1, and 1.21.1.
Gravedad CVSS v4.0: MEDIA
Última modificación:
02/06/2026

CVE-2026-42789

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** Improper Following of a Certificate&amp;#39;s Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery.<br /> <br /> In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two flaws that together allow a certificate with basicConstraints cA:false and no keyUsage extension to be used as an intermediate issuer in a chain passed to public_key:pkix_path_validation/3: the cA:false clause recurses into the remaining extensions without rejecting the certificate when it is in issuer position, and the keyUsage check only fires when the extension is present, so a certificate lacking keyUsage entirely bypasses the keyCertSign enforcement.<br /> <br /> Any party holding an end-entity certificate with basicConstraints cA:false and no keyUsage extension, issued by any CA in the victim&amp;#39;s trust store, can use that certificate&amp;#39;s private key to sign forged leaf certificates for arbitrary identities. public_key:pkix_path_validation/3 accepts the resulting chain, and by extension every TLS or mTLS endpoint built on the OTP ssl application that relies on the default verifier is affected, including server identity verification on the client side and client certificate verification on mTLS servers.<br /> <br /> This issue affects OTP from OTP 17.0 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 0.22 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.
Gravedad CVSS v4.0: ALTA
Última modificación:
30/06/2026

CVE-2026-3676

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.
Gravedad CVSS v3.1: MEDIA
Última modificación:
02/06/2026

CVE-2026-3623

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.
Gravedad CVSS v3.1: ALTA
Última modificación:
02/06/2026

CVE-2026-38427

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than the data actually read.
Gravedad CVSS v3.1: ALTA
Última modificación:
27/05/2026

CVE-2026-3366

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system
Gravedad CVSS v3.1: ALTA
Última modificación:
02/06/2026

CVE-2026-35090

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel. This vulnerability is independent of the telephone exchanges configuration. If remote access is disabled, calling with this caller ID will temporarily enable it.<br /> <br /> This issue was fixed in versions below:<br /> - IPL-256: version 6.61.0040<br /> - IPM-032: version 6.61.0040<br /> - CCT-1668: version 6.56.0430<br /> - MAC-6400: version 6.56.0430<br /> - CXS-0424: version 6.30.0510<br /> <br /> The issue STILL EXISTS in End-Of-Life telephone exchanges in versions 4.xx and below:<br /> - CCT-1668 (CCT1CPU)<br /> - MAC-6400<br /> - CXS-0424<br /> These products were discontinued in 2011 and 2012 and and will not receive updates. These products require a hardware update in order to receive a software update. The vendor recommends that users of these devices contact the their service department directly to determine the options for upgrading.
Gravedad CVSS v4.0: CRÍTICA
Última modificación:
27/05/2026

CVE-2026-38426

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() function.
Gravedad CVSS v3.1: ALTA
Última modificación:
27/05/2026

CVE-2026-36539

Fecha de publicación:
27/05/2026
Idioma:
Inglés
*** Pendiente de traducción *** Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi passwords, PPPoE credentials, DDNS credentials, and a full map of all connected devices.
Gravedad CVSS v3.1: ALTA
Última modificación:
28/05/2026