Dangerous vulnerabilities in GStreamer, CUPS, wolfSSL, OpenSSL, OpenClaw, Nix, and the Linux kernel

Several dangerous issues have been identified in recent days, most of which can be exploited remotely:

  • In the 1.28.2 release of the GStreamer multimedia framework, 11 vulnerabilities have been identified. Three of them are caused by buffer overflows and can lead to code execution when processing specially crafted MKV (no CVE assigned) and MOV/MP4 (CVE-2026-5056) multimedia containers, as well as H.266/VVC streams (no CVE assigned). The remaining eight vulnerabilities are caused by integer overflows or NULL pointer dereferences and can lead to denial of service or information leaks when processing WAV, JPEG2000, AV1, H.264, MOV, MP4, FLV, mDVDsub, and SRT/WebVTT data. The risk from GStreamer vulnerabilities is increased by the fact that GNOME uses it to parse metadata when automatically indexing new files, i.e. for an attack it is enough for a file to be downloaded into the ~/Downloads directory.
  • Eight vulnerabilities have been identified in the CUPS print server, two of which (CVE-2026-34980 and CVE-2026-34990) can be used to achieve remote code execution with root privileges by sending a specially crafted request to the print server. The first vulnerability allows an unauthenticated attacker to achieve code execution with the privileges of the lp user by sending a specially crafted print job (the issue is caused by incorrect handling of escaped line feed characters). The second vulnerability allows privilege escalation from the lp user to root by modifying root-owned files through the substitution of a fake printer. A CUPS update that fixes these vulnerabilities is not yet available.
  • A patch release of the wolfSSL cryptographic library, version 5.9.1, has been published, fixing 21 vulnerabilities. One issue is rated critical, and nine are rated high (leading to memory corruption). The critical vulnerability (CVE-2026-5194) is caused by missing validation of the hash size and OID. This makes it possible to specify smaller hashes, thereby weakening the strength of the ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448 digital signature algorithms and bypassing certificate-based authentication. The vulnerability was found by Anthropic engineers during a code review with an AI model.
  • Patch releases of the OpenSSL cryptographic library, 3.6.2, 3.5.6, 3.4.5, and 3.3.7, have been published, fixing seven vulnerabilities. The most severe vulnerability (CVE-2026-31790) can lead to a leak of sensitive data left in a buffer after a previous operation. The issue is caused by the use of uninitialized memory when encapsulating RSA KEM (RSASVE) keys.

    Another vulnerability (CVE-2026-31789) is caused by a buffer overflow and can lead to code execution during string-to-hexadecimal conversion when processing specially crafted X.509 certificates. This issue is rated low severity because it affects only 32-bit platforms. The remaining vulnerabilities are caused by out-of-bounds buffer reads, access to already freed memory, and NULL pointer dereferences.

  • A critical vulnerability (CVE-2026-32922) with a severity score of 10 out of 10 has been fixed in OpenClaw 2026.3.11, the OpenClaw AI agent that lets AI models interact with the system environment (for example, running tools and working with files). The vulnerability is caused by the "/pairaapprove" command not properly checking authorization, which allows any user with pairing privileges (the lowest privilege level required to access OpenClaw) to approve administrator rights for themselves and gain full control over the environment. To carry out the attack, it is enough to connect to OpenClaw, request registration of a smart device with operator.admin access, and then approve that request with the "/pairaapprove" command, gaining full control over the OpenClaw instance and all associated services.

    A few days earlier, a similar vulnerability (CVE-2026-33579) was identified in OpenClaw that made it possible to bypass access checks and obtain administrator access. The researchers who found the issue cite statistics showing 135 publicly reachable OpenClaw instances online, 63% of which allow unauthenticated connections.

  • A vulnerability (CVE-2026-39860) has been identified in the Nix package manager used in the NixOS distribution. It has been assigned a critical severity level (9 out of 10). The vulnerability allows any file in the system to be overwritten, subject to the permissions of the Nix background process, which runs with root privileges on NixOS and in multi-user installations. The issue stems from an incorrect fix for vulnerability CVE-2024-27297 in 2024. Exploitation works by substituting a symbolic link in a directory inside the isolated build environment where the build output is written. The vulnerability is fixed in Nix 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, and 2.28.6.
  • Five vulnerabilities in the Linux kernel have been fixed; they were found during experiments with the Claude Code tool and affect the nfsd, io_uring, futex, and ksmbd subsystems (1, 2). The vulnerability in the NFS driver makes it possible to learn the contents of kernel memory by sending requests to an NFS server. The issue is caused by a bug that has been present since kernel 2.6.0 (2003).
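
The Nix item above describes a privileged writer following a symbolic link that was swapped into its output directory. The following added example illustrates that bug class and one mitigation; it is not Nix's code or its actual fix, and the file names and both writer functions are hypothetical. It contrasts a path-based write with one that pins the directory by descriptor and refuses symlinks:

```python
import os
import tempfile

def write_following_links(out_dir, name, data):
    """Weak pattern: a path-based open follows a symlink planted at out_dir/name."""
    with open(os.path.join(out_dir, name), "wb") as fh:
        fh.write(data)

def write_no_follow(out_dir, name, data):
    """Hardened pattern: pin the directory by descriptor, refuse symlinks."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    # Fails if out_dir itself has been replaced by a symlink or a non-directory.
    dir_fd = os.open(out_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # Resolved relative to dir_fd; O_NOFOLLOW yields ELOOP on a symlink.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o644, dir_fd=dir_fd)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    finally:
        os.close(dir_fd)

def demo():
    """Constructed scenario: 'victim.conf' stands in for a file outside the build tree."""
    results = {}
    writers = (("path_based", write_following_links), ("no_follow", write_no_follow))
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "victim.conf")
        out_dir = os.path.join(root, "build-output")
        os.mkdir(out_dir)
        link = os.path.join(out_dir, "result")
        for label, writer in writers:
            with open(victim, "wb") as fh:
                fh.write(b"original")
            if os.path.lexists(link):
                os.unlink(link)
            os.symlink(victim, link)  # untrusted side swaps in a link
            try:
                writer(out_dir, "result", b"build artifact")
                refused = False
            except OSError:
                refused = True
            with open(victim, "rb") as fh:
                results[label] = (refused, fh.read())
    return results

if __name__ == "__main__":
    print(demo())
```

The hardened writer only protects the final path component and the directory handle it opened; a privileged process still has to obtain every intermediate directory the same way, or write into a location the untrusted side cannot modify.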

source: budenet.ru
