Уязвимости

1. CVE-2026-26017 CoreDNS ACL Bypass

   Information published.

2. CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

   Information published.

3. CVE-2026-23868

   Information published.

4. CVE-2026-31802 node-tar Symlink Path Traversal via Drive-Relative Linkpath

   Information published.

5. CVE-2026-3381 Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib

   Information published.

6. CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

   Information published.

7. CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509

   Information published.

8. CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509

   Information published.

9. CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net

   Information published.

10. CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

    Information published.

11. CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

    Information published.

12. Chromium: CVE-2026-3942 Incorrect security UI in PictureInPicture

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

13. Chromium: CVE-2026-3931 Heap buffer overflow in Skia

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

14. CVE-2026-25172 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

    The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

15. CVE-2026-25173 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

    The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

16. CVE-2026-26111 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

    The hotpatch has been re‑released to ensure comprehensive coverage across all affected scenarios. Customers are advised to apply the updated release to ensure full protection.

17. Chromium: CVE-2026-3941 Insufficient policy enforcement in DevTools

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

18. Chromium: CVE-2026-3940 Insufficient policy enforcement in DevTools

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

19. Chromium: CVE-2026-3939 Use after free in WebView

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.

20. Chromium: CVE-2026-3938 Insufficient policy enforcement in Clipboard

    This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information.