Serious vulnerabilities in GStreamer, CUPS, wolfSSL, OpenSSL, OpenClaw, Nix, and the Linux kernel

Several dangerous vulnerabilities have been discovered in recent days, most of which can be exploited remotely:

  • In the patch release of the GStreamer 1.28.2 multimedia framework, 11 vulnerabilities were identified, three of which are caused by buffer overflows and can potentially lead to code execution when processing specially crafted MKV (CVE not assigned) and MOV/MP4 (CVE-2026-5056) multimedia containers, as well as H.266/VVC streams (CVE not assigned). The remaining eight vulnerabilities are caused by integer overflows or NULL pointer dereferences and can lead to denial of service or information leaks when processing WAV, JPEG2000, AV1, H.264, MOV, MP4, FLV, mDVDsub, and SRT/WebVTT data. The danger of the GStreamer vulnerabilities is aggravated by the fact that GNOME uses it to parse metadata when automatically indexing new files, i.e. for an attack it is enough that a file is downloaded into the indexed directory ~/Downloads.
  • Eight vulnerabilities have been identified in the CUPS print server, two of which (CVE-2026-34980 and CVE-2026-34990) can be exploited to achieve remote code execution with root privileges by sending a specially crafted request to the print server. The first vulnerability allows an unauthenticated attacker to achieve code execution with the privileges of the lp user by sending a specially crafted print job (the issue is caused by incorrect handling of escaped line feed characters). The second vulnerability allows privilege escalation from the lp user to root by modifying files with root privileges through the substitution of a fictitious printer. A CUPS update that fixes these vulnerabilities is not yet available.
  • A patch release of the wolfSSL cryptographic library, version 5.9.1, has been published, fixing 21 vulnerabilities. One issue has been rated as critical, and nine are rated as high (causing memory corruption). The critical vulnerability (CVE-2026-5194) is caused by a lack of hash size and OID validation. This allows smaller hashes to be specified, thereby weakening the strength of the ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448 digital signature algorithms and bypassing certificate-based authentication. The vulnerability was discovered by Anthropic engineers during a code review with an AI model.
  • Patch releases of the OpenSSL cryptographic library 3.6.2, 3.5.6, 3.4.5, and 3.3.7 have been published, fixing seven vulnerabilities. The most severe vulnerability (CVE-2026-31790) can lead to the leak of sensitive data remaining in the buffer after a previous operation. The issue is caused by the use of uninitialized memory when encapsulating RSA KEM keys (RSASVE).

    Another vulnerability (CVE-2026-31789) is caused by a buffer overflow and can potentially lead to code execution during string-to-hexadecimal conversion while processing specially crafted X.509 certificates. This issue is rated as benign because it only affects 32-bit platforms. The remaining vulnerabilities are caused by reading data outside buffer bounds, accessing memory that has already been freed, and dereferencing a null pointer.

  • A critical vulnerability (CVE-2026-32922) with a severity rating of 10 out of 10 has been fixed in OpenClaw 2026.3.11, an AI agent that allows AI models to interact with system environments (e.g., run utilities and work with files). The vulnerability is caused by the "/pairapprove" command not properly checking permissions, allowing any user with pairing privileges (the lowest privilege level required to access OpenClaw) to assert administrator rights for themselves and gain complete control of the environment. An attack only requires connecting to OpenClaw, requesting registration of a dummy device with operator.admin access, and then approving that request with the "/pairapprove" command, which gives complete control of the targeted OpenClaw instance and all associated services.

    A few days earlier, a similar vulnerability (CVE-2026-33579) was discovered in OpenClaw, allowing for bypassing access checks and gaining administrator privileges. The researchers who discovered the issue cite statistics showing 135 publicly accessible OpenClaw instances online, 63% of which allow unauthenticated connections.

  • A vulnerability (CVE-2026-39860) has been identified in the Nix package manager used in the NixOS distribution. It has been assigned a critical severity level (9 out of 10). The vulnerability allows any file in the system to be overwritten, depending on the permissions of the Nix background process, which runs with root privileges in NixOS and multi-user installations. The issue is caused by an improper fix for vulnerability CVE-2024-27297 in 2024. Exploitation occurs through the substitution of a symbolic link in a directory within an isolated build environment where the build output was written. The vulnerability was fixed in Nix 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6.
  • Five vulnerabilities in the Linux kernel, identified during experiments with the Claude Code toolkit and affecting the nfsd, io_uring, futex, and ksmbd subsystems, have been fixed. The vulnerability in the NFS driver allows kernel memory contents to be read by sending requests to an NFS server. The issue is caused by a bug that has been present since kernel 2.6.0 (2003).
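
The Nix item above turns on a privileged process writing through a symbolic link planted in a build output directory. The following is an added example, not code from Nix or from the original article: it contrasts a path-based write with one that descends from a directory file descriptor and refuses symlinks at every component. The function names, file names and the scenario in `demo` are constructed for illustration, and the output directory itself is assumed to be trusted.

```python
import os
import tempfile

def naive_write(root, relpath, data):
    """Path-based write: follows any symlink planted under root."""
    with open(os.path.join(root, relpath), "wb") as f:
        f.write(data)

def safe_write(root, relpath, data):
    """Descend from a directory fd and refuse symlinks at every component."""
    parts = relpath.split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("unsafe relative path: %r" % relpath)
    dfd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)  # root is assumed trusted
    try:
        for name in parts[:-1]:
            # A symlinked intermediate directory makes this open fail.
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dfd)
            os.close(dfd)
            dfd = nxt
        # O_NOFOLLOW makes the open fail if the final component is a symlink.
        fd = os.open(parts[-1],
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                     0o644, dir_fd=dfd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
    finally:
        os.close(dfd)

def demo(writer):
    """Constructed scenario: 'result' in the output dir links to a file outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        outdir = os.path.join(tmp, "build-output")  # stands in for the build output dir
        victim = os.path.join(tmp, "outside.conf")  # stands in for a file outside it
        os.mkdir(outdir)
        with open(victim, "wb") as f:
            f.write(b"original")
        os.symlink(victim, os.path.join(outdir, "result"))
        try:
            writer(outdir, "result", b"build data")
            refused = False
        except OSError:
            refused = True
        with open(victim, "rb") as f:
            return refused, f.read()

if __name__ == "__main__":
    print("naive:", demo(naive_write))  # link followed, outside file overwritten
    print("safe: ", demo(safe_write))   # write refused, outside file intact
```

Because every lookup is relative to an already opened directory descriptor, swapping a component for a symlink between the check and the write does not redirect the write.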

Source: opennet.ru
