{"@context":"https://openvex.dev/ns/v0.2.0","@id":"pkg:docker/agent@7.76.3","author":"security@datadoghq.com","author_role":"Vulnerability Management","last_updated":"2026-05-14T11:45:33.063956357Z","statements":[{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent is compiled for Linux, so host_id_bsd.go is excluded at compile time and the kenv invocation is not present in the binary.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:24:45.249457Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel/sdk@v1.39.0"}],"status":"affected","timestamp":"2026-05-14T10:21:22.03714Z","vulnerability":{"name":"CVE-2026-39883"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.987591Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.987591Z","products":[{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/login@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"},{"@id":"pkg:deb/ubuntu/passwd@1%3A4.13%2Bdfsg1-4ubuntu3.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=shadow"}],"status":"affected","timestamp":"2026-05-14T10:21:21.98759Z","vulnerability":{"name":"CVE-2024-56433"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.990312Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.990312Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:21.990311Z","vulnerability":{"name":"CVE-2024-2236"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.991161Z","impact_statement":"CVE-2018-10126 represents ZERO security risk to the Datadog Agent running on Ubuntu 24.04. Both Ubuntu and Debian security teams have assessed this as having no security impact, and the vulnerability cannot be reproduced in modern versions of the software.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:21:21.991161Z","products":[{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"},{"@id":"pkg:deb/ubuntu/libjpeg-turbo8@2.1.5-2ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libjpeg-turbo"}],"status":"not_affected","timestamp":"2026-05-14T10:21:21.991161Z","vulnerability":{"name":"CVE-2018-10126"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.991719Z","impact_statement":"The Datadog Agent uses its significantly newer embedded OpenSSL, not the Ubuntu system OpenSSL package.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:21.991719Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T10:21:21.991719Z","vulnerability":{"name":"CVE-2024-41996"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.993116Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.993116Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.993116Z","vulnerability":{"name":"CVE-2026-6100"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.994436Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.994436Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.994436Z","vulnerability":{"name":"CVE-2026-42010"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.994547Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.994547Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.994547Z","vulnerability":{"name":"CVE-2026-22016"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.994596Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.994596Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.994596Z","vulnerability":{"name":"CVE-2025-27587"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.99466Z","impact_statement":"Given the low risk of this vulnerability, since it requires repeated use of the system tar binary and the agent neither invokes /usr/bin/tar nor relies on it for archive handling, instead using Go’s safe archive/tar implementation with path protections, we propose to wait for an official fix from the vendor.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:21:21.99466Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T10:21:21.994659Z","vulnerability":{"name":"CVE-2025-45582"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.997987Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.997987Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.997986Z","vulnerability":{"name":"CVE-2026-3298"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.998033Z","impact_statement":"No agent code uses `imaplib`, the agent is an infrastructure monitoring tool with no email/IMAP functionality","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:21.998033Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"not_affected","timestamp":"2026-05-14T10:21:21.998033Z","vulnerability":{"name":"CVE-2025-15366"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.998057Z","impact_statement":"interpreter. The vulnerability is a command injection via newlines in the `poplib` module (Python's POP3 email client library). No agent code uses `poplib`,","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:21.998056Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"not_affected","timestamp":"2026-05-14T10:21:21.998056Z","vulnerability":{"name":"CVE-2025-15367"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.998118Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.998118Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.998118Z","vulnerability":{"name":"CVE-2026-3833"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:21.999924Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:21.999924Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:21.999924Z","vulnerability":{"name":"CVE-2026-39820"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.00018Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.00018Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.00018Z","vulnerability":{"name":"CVE-2026-1502"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.000257Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.000256Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.000256Z","vulnerability":{"name":"CVE-2025-5278"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.000319Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.000319Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.000319Z","vulnerability":{"name":"CVE-2026-33846"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.000361Z","impact_statement":"The ffmpeg-related packages identified in the scan are transitive dependencies introduced through the browser components used by the Synthetics worker. They are not directly invoked by Datadog application code, but are installed as part of the underlying operating system and Chrome dependencies required for browser-based test execution.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:22.000361Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.00036Z","vulnerability":{"name":"CVE-2025-1352"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.000502Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.000502Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T10:21:22.000502Z","vulnerability":{"name":"CVE-2026-4437"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.00257Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.00257Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T10:21:22.00257Z","vulnerability":{"name":"CVE-2026-4046"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.002642Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.002642Z","products":[{"@id":"pkg:pypi/lxml@6.0.1"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.002641Z","vulnerability":{"name":"CVE-2026-41066"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.002724Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.002724Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.002724Z","vulnerability":{"name":"CVE-2026-22013"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.002779Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.002779Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.002779Z","vulnerability":{"name":"CVE-2026-22018"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.002833Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.002833Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.002833Z","vulnerability":{"name":"CVE-2026-22021"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.002898Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.002898Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.002898Z","vulnerability":{"name":"CVE-2026-34282"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.005479Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.005479Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.005479Z","vulnerability":{"name":"CVE-2026-7210"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.005538Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.005538Z","products":[{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.1?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/coreutils@9.4-3ubuntu6.2?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.005538Z","vulnerability":{"name":"CVE-2016-2781"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.005602Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.005602Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.005601Z","vulnerability":{"name":"CVE-2026-5450"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.007317Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.007317Z","products":[{"@id":"pkg:generic/curl@8.18.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.007317Z","vulnerability":{"name":"CVE-2026-5545"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.00745Z","impact_statement":"The vulnerability only affects applications that use the `altchars` parameter or `urlsafe_b64decode()` with a custom alphabet. Neither pattern are used in the agent.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:22.00745Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.00745Z","vulnerability":{"name":"CVE-2025-12781"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.00754Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.00754Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.00754Z","vulnerability":{"name":"CVE-2026-33845"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.007594Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.007594Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.007594Z","vulnerability":{"name":"CVE-2026-5928"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.007673Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.007673Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.007673Z","vulnerability":{"name":"CVE-2026-42499"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.007839Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.007839Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.007839Z","vulnerability":{"name":"CVE-2026-5435"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.007896Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.007896Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.007896Z","vulnerability":{"name":"CVE-2026-6238"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.007993Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.007992Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T10:21:22.007992Z","vulnerability":{"name":"CVE-2026-4438"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.008077Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.008077Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.008077Z","vulnerability":{"name":"CVE-2026-40225"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.008235Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.008235Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.008235Z","vulnerability":{"name":"CVE-2025-6141"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.008377Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.008377Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.008377Z","vulnerability":{"name":"CVE-2026-43916"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.008559Z","impact_statement":"While the vulnerable libpam0g package is present in the Datadog Agent's Ubuntu base image, the Agent does not use PAM for authentication operations, making this vulnerability not exploitable in the Agent's context.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:21:22.008558Z","products":[{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-runtime@1.5.3-5ubuntu5.5?arch=all\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam0g@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"},{"@id":"pkg:deb/ubuntu/libpam-modules-bin@1.5.3-5ubuntu5.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=pam"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.008558Z","vulnerability":{"name":"CVE-2024-10041"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.013143Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.013143Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.013143Z","vulnerability":{"name":"CVE-2026-33814"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.016266Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.016266Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.016266Z","vulnerability":{"name":"CVE-2026-3832"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.016338Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.016337Z","products":[{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=xz-utils"},{"@id":"pkg:deb/ubuntu/liblzma5@5.6.1%2Breally5.4.5-1ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=xz-utils"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.016337Z","vulnerability":{"name":"CVE-2026-34743"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.016655Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.016654Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.016653Z","vulnerability":{"name":"CVE-2026-22008"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.016888Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.016887Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.016887Z","vulnerability":{"name":"CVE-2026-39836"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.017136Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.017136Z","products":[{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/tar@1.35%2Bdfsg-3build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.017135Z","vulnerability":{"name":"CVE-2026-5704"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.017255Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.017255Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.017254Z","vulnerability":{"name":"CVE-2026-6019"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.017355Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.017355Z","products":[{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc6@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"},{"@id":"pkg:deb/ubuntu/libc-bin@2.39-0ubuntu8.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=glibc"}],"status":"affected","timestamp":"2026-05-14T10:21:22.017354Z","vulnerability":{"name":"CVE-2016-20013"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.017455Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.017455Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.017454Z","vulnerability":{"name":"CVE-2026-42154"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.018744Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.018744Z","products":[{"@id":"pkg:golang/github.com/moby/spdystream@v0.5.0"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.01874Z","vulnerability":{"name":"CVE-2026-35469"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.018822Z","impact_statement":"This is an incomplete-mitigation bypass of CVE-2026-4519: %action substitution in webbrowser.open() can bypass the leading-dash check and allow command injection. The fix was merged into CPython main via PR #148170 on 2026-04-13. The 3.13 backport PR #148517 is open but not yet merged. This fix did not make it into Python 3.13.13 (released 2026-04-07). We are actively tracking until the 3.13 backport merges and ships in the next 3.13.x release.","justification":"","last_updated":"2026-05-14T10:21:22.018822Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.018822Z","vulnerability":{"name":"CVE-2026-4786"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.023813Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.023813Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.023813Z","vulnerability":{"name":"CVE-2026-42011"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.023862Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.023862Z","products":[{"@id":"pkg:pypi/cryptography@46.0.5"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.023862Z","vulnerability":{"name":"CVE-2026-39892"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.023907Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.023907Z","products":[{"@id":"pkg:generic/curl@8.18.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.023906Z","vulnerability":{"name":"CVE-2026-5773"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.024023Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.024023Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.024023Z","vulnerability":{"name":"CVE-2026-33811"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.024532Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.024531Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.024531Z","vulnerability":{"name":"CVE-2026-22007"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.02459Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.02459Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.02459Z","vulnerability":{"name":"CVE-2026-34268"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.024793Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.024792Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.024792Z","vulnerability":{"name":"CVE-2026-40227"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.025051Z","impact_statement":"The Datadog Agent reads dpkg status metadata files (`/var/lib/dpkg/status`) in Go for SBOM and compliance purposes but never invokes `dpkg-deb` or processes .deb archives at runtime. No fix is available for Ubuntu 24.04 yet.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:21:22.025051Z","products":[{"@id":"pkg:deb/ubuntu/dpkg@1.22.6ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/dpkg@1.22.6ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.02505Z","vulnerability":{"name":"CVE-2026-2219"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.025228Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.025228Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.025228Z","vulnerability":{"name":"CVE-2026-33997"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.02531Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.02531Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.025309Z","vulnerability":{"name":"CVE-2026-39826"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.025572Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.025571Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.025571Z","vulnerability":{"name":"CVE-2026-39817"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.031492Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.031492Z","products":[{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.4"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.4?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.4"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.4?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/bsdutils@1%3A2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux%402.39.3-9ubuntu6.5"},{"@id":"pkg:deb/ubuntu/libblkid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libmount1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libsmartcols1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/libuuid1@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/mount@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=util-linux"},{"@id":"pkg:deb/ubuntu/util-linux@2.39.3-9ubuntu6.5?arch=amd64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.031492Z","vulnerability":{"name":"CVE-2026-27456"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.031935Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.031935Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.031935Z","vulnerability":{"name":"CVE-2026-40223"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.032047Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.032046Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.032046Z","vulnerability":{"name":"CVE-2026-42501"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.032195Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.032195Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.032195Z","vulnerability":{"name":"CVE-2026-39825"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.03416Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.03416Z","products":[{"@id":"pkg:pypi/pip@25.3"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.034159Z","vulnerability":{"name":"CVE-2026-6357"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.034293Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.034293Z","products":[{"@id":"pkg:pypi/pip@25.3"}],"status":"affected","timestamp":"2026-05-14T10:21:22.034292Z","vulnerability":{"name":"CVE-2026-3219"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.034448Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.034448Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.034448Z","vulnerability":{"name":"CVE-2026-22003"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.034643Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.034643Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.034643Z","vulnerability":{"name":"CVE-2026-40228"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.034911Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.034911Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.034911Z","vulnerability":{"name":"CVE-2026-39823"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.035289Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.035289Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.035288Z","vulnerability":{"name":"CVE-2026-42151"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.036779Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.036779Z","products":[{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libgcrypt20@1.10.3-2build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.036779Z","vulnerability":{"name":"CVE-2026-41989"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.036825Z","impact_statement":"The datadog-agent uses docker exclusively as a client library. It never runs dockerd, never loads or exposes AuthZ plugins, and never executes the daemon-side authorization plugins where the vulnerability lives.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:22.036825Z","products":[{"@id":"pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.036824Z","vulnerability":{"name":"CVE-2026-34040"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.037091Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.037091Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.037091Z","vulnerability":{"name":"CVE-2026-40224"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.037622Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.037622Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.037622Z","vulnerability":{"name":"CVE-2026-40179"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.037923Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.037923Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.037923Z","vulnerability":{"name":"CVE-2026-40226"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.038066Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.038066Z","products":[{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"},{"@id":"pkg:deb/ubuntu/gpgv@2.4.4-2ubuntu17.4?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnupg2"}],"status":"affected","timestamp":"2026-05-14T10:21:22.038065Z","vulnerability":{"name":"CVE-2022-3219"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.038287Z","impact_statement":"While libbpf1 version 1.3.0-2build2 is installed and IS vulnerable, the Datadog Agent does not use libbpf. Additionally, the vulnerability is disputed by maintainers as it requires root privileges to trigger.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:21:22.038287Z","products":[{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"},{"@id":"pkg:deb/ubuntu/libbpf1@1%3A1.3.0-2build2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libbpf%401.3.0-2build2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.038286Z","vulnerability":{"name":"CVE-2025-29481"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.038352Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.038352Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp@v0.14.0"},{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp@v1.39.0"},{"@id":"pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.39.0"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.038351Z","vulnerability":{"name":"CVE-2026-39882"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.038444Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.038444Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.038444Z","vulnerability":{"name":"CVE-2026-39819"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.038624Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.038624Z","products":[{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-base@6.4%2B20240113-1ubuntu2?arch=all\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libncursesw6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/libtinfo6@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"},{"@id":"pkg:deb/ubuntu/ncurses-bin@6.4%2B20240113-1ubuntu2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=ncurses"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.038624Z","vulnerability":{"name":"CVE-2025-69720"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.038826Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.038826Z","products":[{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"},{"@id":"pkg:deb/ubuntu/libelf1t64@0.190-1.1ubuntu0.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=elfutils"}],"status":"affected","timestamp":"2026-05-14T10:21:22.038826Z","vulnerability":{"name":"CVE-2025-1376"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.039082Z","impact_statement":"The Datadog Agent's Go binary uses Go's standard library `compress/zlib` (pure Go, no linkage to system libz), and Python's `zlib` module, while linking against system libz, does not expose `crc32_combine64` to Python userspace.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:21:22.039082Z","products":[{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=zlib"},{"@id":"pkg:generic/zlib@1.3.1"},{"@id":"pkg:deb/ubuntu/zlib1g@1%3A1.3.dfsg-3.1ubuntu2.1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=zlib"}],"status":"not_affected","timestamp":"2026-05-14T10:21:22.039082Z","vulnerability":{"name":"CVE-2026-27171"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.039728Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.039728Z","products":[{"@id":"pkg:pypi/paramiko@3.5.1"}],"status":"affected","timestamp":"2026-05-14T10:21:22.039728Z","vulnerability":{"name":"CVE-2026-44405"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.039834Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.039834Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.039834Z","vulnerability":{"name":"CVE-2026-44431"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.039871Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.039871Z","products":[{"@id":"pkg:pypi/urllib3@2.6.3"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.039871Z","vulnerability":{"name":"CVE-2026-44432"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.039904Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.039904Z","products":[{"@id":"pkg:golang/github.com/prometheus/prometheus@v0.309.2-0.20260113170727-c7bc56cf6c8f"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.039904Z","vulnerability":{"name":"CVE-2026-44903"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.039953Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.039953Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.039952Z","vulnerability":{"name":"CVE-2026-42009"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040003Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040002Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040002Z","vulnerability":{"name":"CVE-2026-42012"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040047Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040046Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040046Z","vulnerability":{"name":"CVE-2026-42013"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040103Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040103Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040103Z","vulnerability":{"name":"CVE-2026-42014"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040156Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040156Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040155Z","vulnerability":{"name":"CVE-2026-42015"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040196Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040196Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040196Z","vulnerability":{"name":"CVE-2026-5260"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040239Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040239Z","products":[{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"},{"@id":"pkg:deb/ubuntu/libgnutls30t64@3.8.3-1.1ubuntu3.5?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=gnutls28"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040239Z","vulnerability":{"name":"CVE-2026-5419"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.040295Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.040295Z","products":[{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"},{"@id":"pkg:deb/ubuntu/openjdk-11-jre-headless@11.0.30%2B7-1ubuntu1~24.04?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openjdk-lts"}],"status":"under_investigation","timestamp":"2026-05-14T10:21:22.040295Z","vulnerability":{"name":"CVE-2026-22020"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:22.045594Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.045594Z","products":[{"@id":"pkg:pypi/setuptools@75.1.0?catalog_name=setuptools3\u0026download_url=https%3A%2F%2Fgithub.com%2Fpypa%2Fsetuptools%2Farchive%2Fv75.1.0.tar.gz\u0026checksum=sha256:514dc60688d3118c9883a3dd54a38b28128ea912c01ea325d6e204a93da3b524"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045593Z","vulnerability":{"name":"CVE-2025-47273"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.2818Z","products":[{"@id":"pkg:deb/ubuntu/libnss3@2%3A3.98-1build1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=nss"},{"@id":"pkg:deb/ubuntu/libnss3@2%3A3.98-1build1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=nss"}],"status":"fixed","timestamp":"2026-05-14T10:21:22.281799Z","vulnerability":{"name":"CVE-2026-2781"}},{"action_statement":"","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:21:22.281896Z","products":[{"@id":"pkg:golang/github.com/cloudflare/circl@v1.6.2-0.20250618153321-aa837fd1539d"}],"status":"fixed","timestamp":"2026-05-14T10:21:22.281896Z","vulnerability":{"name":"CVE-2026-1229"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.64859Z","products":[{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"}],"status":"affected","timestamp":"2026-05-14T10:21:22.02393Z","vulnerability":{"name":"CVE-2026-2673"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648605Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.024341Z","vulnerability":{"name":"CVE-2026-27140"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.64861Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.024727Z","vulnerability":{"name":"CVE-2026-2297"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648581Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.022737Z","vulnerability":{"name":"CVE-2026-32280"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648586Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.023291Z","vulnerability":{"name":"CVE-2026-32283"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648627Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.037232Z","vulnerability":{"name":"CVE-2026-32289"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648632Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.037657Z","vulnerability":{"name":"CVE-2026-32282"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648637Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.037863Z","vulnerability":{"name":"CVE-2026-31789"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648641Z","products":[{"@id":"pkg:deb/ubuntu/libcap2@1%3A2.66-5ubuntu2.2?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcap2-bin@1%3A2.66-5ubuntu2.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libcap2"},{"@id":"pkg:deb/ubuntu/libcap2@1%3A2.66-5ubuntu2.2?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcap2-bin@1%3A2.66-5ubuntu2.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libcap2"}],"status":"affected","timestamp":"2026-05-14T10:21:22.037995Z","vulnerability":{"name":"CVE-2026-4878"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648647Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.038112Z","vulnerability":{"name":"CVE-2026-27144"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent image neither calls webbrowser.open() as part of its runtime nor has a web browser installed.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T11:09:53.648651Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.038311Z","vulnerability":{"name":"CVE-2026-4519"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648657Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.038788Z","vulnerability":{"name":"CVE-2025-13462"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648663Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.039283Z","vulnerability":{"name":"CVE-2026-32288"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648667Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.039793Z","vulnerability":{"name":"CVE-2026-3479"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551799Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel@v1.39.1-0.20260115134311-f809f7d71e2d"}],"status":"affected","timestamp":"2026-05-14T10:21:21.999773Z","vulnerability":{"name":"CVE-2026-29181"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551838Z","products":[{"@id":"pkg:golang/github.com/buger/jsonparser@v1.1.1"}],"status":"affected","timestamp":"2026-05-14T10:21:22.008141Z","vulnerability":{"name":"CVE-2026-32285"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551846Z","products":[{"@id":"pkg:pypi/pyasn1@0.4.8"}],"status":"affected","timestamp":"2026-05-14T10:21:22.010887Z","vulnerability":{"name":"CVE-2026-30922"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The datadog-agent and the code of the integrations in use do not call the set_cookie_generate_callback function at any point, so it is not exploitable in our context.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:57:34.551851Z","products":[{"@id":"pkg:pypi/pyopenssl@25.3.0"}],"status":"affected","timestamp":"2026-05-14T10:21:22.013019Z","vulnerability":{"name":"CVE-2026-27459"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551855Z","products":[{"@id":"pkg:golang/github.com/go-jose/go-jose/v4@v4.1.3"}],"status":"affected","timestamp":"2026-05-14T10:21:22.016169Z","vulnerability":{"name":"CVE-2026-34986"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551869Z","products":[{"@id":"pkg:pypi/pyopenssl@25.3.0"}],"status":"affected","timestamp":"2026-05-14T10:21:22.025193Z","vulnerability":{"name":"CVE-2026-27448"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551893Z","products":[{"@id":"pkg:pypi/cryptography@46.0.5"}],"status":"affected","timestamp":"2026-05-14T10:21:22.038858Z","vulnerability":{"name":"CVE-2026-34073"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551902Z","products":[{"@id":"pkg:pypi/requests@2.32.5"}],"status":"affected","timestamp":"2026-05-14T10:21:22.03924Z","vulnerability":{"name":"CVE-2026-25645"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The vulnerability affects the `mimetypes` module's use of Unix-style paths on Windows, requiring a local user to plant malicious files. No agent code uses `mimetypes`, no local users exist in the container, and the CVSS score is 2.3/Low","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:57:34.551917Z","products":[{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"},{"@id":"pkg:generic/python@3.13.11"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04923Z","vulnerability":{"name":"CVE-2024-3220"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241785Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:21.994235Z","vulnerability":{"name":"CVE-2026-0672"}},{"action_statement":"This vulnerability was fixed in: 7.78.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:57:34.551923Z","products":[{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"},{"@id":"pkg:generic/python@3.13.11"}],"status":"affected","timestamp":"2026-05-14T10:21:22.049395Z","vulnerability":{"name":"CVE-2026-3087"}},{"action_statement":"This vulnerability was fixed in: 7.77.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:51:56.783204Z","products":[{"@id":"pkg:pypi/pip@25.3"}],"status":"affected","timestamp":"2026-05-14T10:21:22.037198Z","vulnerability":{"name":"CVE-2026-1703"}},{"action_statement":"This vulnerability was fixed in: 7.77.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:44:28.456732Z","products":[{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libsystemd0@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"},{"@id":"pkg:deb/ubuntu/libudev1@255.4-1ubuntu8.12?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=systemd"}],"status":"affected","timestamp":"2026-05-14T10:21:22.024981Z","vulnerability":{"name":"CVE-2026-29111"}},{"action_statement":"This vulnerability was fixed in: 7.77.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:44:28.456762Z","products":[{"@id":"pkg:pypi/pyjwt@2.10.1"}],"status":"affected","timestamp":"2026-05-14T10:21:22.02511Z","vulnerability":{"name":"CVE-2026-32597"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800357Z","products":[{"@id":"pkg:generic/curl@8.18.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:21:22.000443Z","vulnerability":{"name":"CVE-2026-1965"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800387Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.002088Z","vulnerability":{"name":"CVE-2026-25679"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800401Z","products":[{"@id":"pkg:generic/curl@8.18.0"}],"status":"affected","timestamp":"2026-05-14T10:21:22.008182Z","vulnerability":{"name":"CVE-2026-3805"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800408Z","products":[{"@id":"pkg:golang/google.golang.org/grpc@v1.78.0"}],"status":"affected","timestamp":"2026-05-14T10:21:22.013326Z","vulnerability":{"name":"CVE-2026-33186"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800421Z","products":[{"@id":"pkg:generic/curl@8.18.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:21:22.024243Z","vulnerability":{"name":"CVE-2026-3784"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800428Z","products":[{"@id":"pkg:generic/curl@8.18.0"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:21:22.02466Z","vulnerability":{"name":"CVE-2026-3783"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800442Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.03692Z","vulnerability":{"name":"CVE-2026-27142"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:16.800464Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.039459Z","vulnerability":{"name":"CVE-2026-27139"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241816Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:21.994493Z","vulnerability":{"name":"CVE-2026-0865"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241831Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.005662Z","vulnerability":{"name":"CVE-2025-15282"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241836Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.007015Z","vulnerability":{"name":"CVE-2026-1299"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241848Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.008663Z","vulnerability":{"name":"CVE-2025-11468"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The installed orjson version is vulnerable, but the vulnerability affects orjson.dumps() which the agent does NOT use making this vulnerability risk NEGLIGIBLE.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:33:02.241853Z","products":[{"@id":"pkg:pypi/orjson@3.11.3"}],"status":"affected","timestamp":"2026-05-14T10:21:22.013082Z","vulnerability":{"name":"CVE-2025-67221"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"the CVE is macOS-only","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:33:02.241873Z","products":[{"@id":"pkg:golang/go.opentelemetry.io/otel/sdk@v1.39.0"}],"status":"affected","timestamp":"2026-05-14T10:21:22.024901Z","vulnerability":{"name":"CVE-2026-24051"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241921Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.041677Z","vulnerability":{"name":"CVE-2014-0224"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24193Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.041761Z","vulnerability":{"name":"CVE-2016-2106"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241934Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.041823Z","vulnerability":{"name":"CVE-2016-2109"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241939Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.041875Z","vulnerability":{"name":"CVE-2015-0204"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241943Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.041925Z","vulnerability":{"name":"CVE-2014-3470"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241947Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.041973Z","vulnerability":{"name":"CVE-2016-2107"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24195Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042011Z","vulnerability":{"name":"CVE-2016-2108"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241954Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042061Z","vulnerability":{"name":"CVE-2015-4000"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241959Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042108Z","vulnerability":{"name":"CVE-2011-1473"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241963Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042155Z","vulnerability":{"name":"CVE-2021-4044"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241966Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042198Z","vulnerability":{"name":"CVE-2013-6449"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241969Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042245Z","vulnerability":{"name":"CVE-2009-3245"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241974Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042286Z","vulnerability":{"name":"CVE-2010-0742"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241985Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042327Z","vulnerability":{"name":"CVE-2014-8176"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241989Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042365Z","vulnerability":{"name":"CVE-2014-3567"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241993Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042407Z","vulnerability":{"name":"CVE-2014-3571"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.241997Z","products":[{"@id":"pkg:generic/nghttp2@1.58.0?download_url=https%3A%2F%2Fgithub.com%2Fnghttp2%2Fnghttp2%2Freleases%2Fdownload%2Fv1.58.0%2Fnghttp2-1.58.0.tar.gz\u0026checksum=sha256:9ebdfbfbca164ef72bdf5fd2a94a4e6dfb54ec39d2ef249aeb750a91ae361dfb"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042464Z","vulnerability":{"name":"CVE-2024-28182"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04251Z","vulnerability":{"name":"CVE-2015-0286"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242004Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.042555Z","vulnerability":{"name":"CVE-2009-4355"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242007Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.043802Z","vulnerability":{"name":"CVE-2010-0433"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242017Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04389Z","vulnerability":{"name":"CVE-2015-1788"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242023Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.043955Z","vulnerability":{"name":"CVE-2012-2110"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242027Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044004Z","vulnerability":{"name":"CVE-2003-0078"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242035Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044048Z","vulnerability":{"name":"CVE-2010-5298"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24204Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044086Z","vulnerability":{"name":"CVE-2015-1792"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242044Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044121Z","vulnerability":{"name":"CVE-2015-1791"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242048Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04416Z","vulnerability":{"name":"CVE-2016-2176"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242052Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044201Z","vulnerability":{"name":"CVE-2009-0590"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242055Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044242Z","vulnerability":{"name":"CVE-2015-0292"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24206Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04429Z","vulnerability":{"name":"CVE-2015-1790"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242067Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044333Z","vulnerability":{"name":"CVE-2014-3572"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242071Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04437Z","vulnerability":{"name":"CVE-2014-8275"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242074Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044403Z","vulnerability":{"name":"CVE-2012-2333"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242078Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044439Z","vulnerability":{"name":"CVE-2014-3570"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242086Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044477Z","vulnerability":{"name":"CVE-2015-0293"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242089Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044514Z","vulnerability":{"name":"CVE-2015-1789"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242097Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044548Z","vulnerability":{"name":"CVE-2016-0704"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.2421Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044582Z","vulnerability":{"name":"CVE-2015-0289"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242106Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044618Z","vulnerability":{"name":"CVE-2015-0287"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242111Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044656Z","vulnerability":{"name":"CVE-2016-0703"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242116Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044691Z","vulnerability":{"name":"CVE-2006-4339"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24212Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044744Z","vulnerability":{"name":"CVE-2015-0288"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242126Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04478Z","vulnerability":{"name":"CVE-2012-1165"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242131Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044863Z","vulnerability":{"name":"CVE-2010-4180"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242135Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04492Z","vulnerability":{"name":"CVE-2015-3195"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242142Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.044975Z","vulnerability":{"name":"CVE-2014-3568"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242145Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045009Z","vulnerability":{"name":"CVE-2011-4619"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242149Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045045Z","vulnerability":{"name":"CVE-2012-0884"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242155Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045094Z","vulnerability":{"name":"CVE-2009-0789"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242158Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045131Z","vulnerability":{"name":"CVE-2011-1945"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242162Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045165Z","vulnerability":{"name":"CVE-2010-4252"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242165Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045198Z","vulnerability":{"name":"CVE-2011-4577"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242172Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04523Z","vulnerability":{"name":"CVE-2015-0209"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242176Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045269Z","vulnerability":{"name":"CVE-2009-3555"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24218Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04531Z","vulnerability":{"name":"CVE-2006-7250"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242186Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045385Z","vulnerability":{"name":"CVE-2008-7270"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.24219Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045424Z","vulnerability":{"name":"CVE-2011-4108"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242194Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04546Z","vulnerability":{"name":"CVE-2011-4576"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242202Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045499Z","vulnerability":{"name":"CVE-2000-1254"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242207Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045539Z","vulnerability":{"name":"CVE-2012-0027"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242212Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045627Z","vulnerability":{"name":"CVE-1999-0428"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242218Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.045662Z","vulnerability":{"name":"CVE-2016-7056"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242222Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.04885Z","vulnerability":{"name":"CVE-2005-2946"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242225Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.048945Z","vulnerability":{"name":"CVE-2008-5077"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242232Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.048992Z","vulnerability":{"name":"CVE-2011-4354"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242237Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.049052Z","vulnerability":{"name":"CVE-2014-0076"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242245Z","products":[{"@id":"pkg:generic/unixodbc@2.3.9"}],"status":"affected","timestamp":"2026-05-14T10:21:22.049297Z","vulnerability":{"name":"CVE-2024-1013"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242251Z","products":[{"@id":"pkg:generic/openssl@0.0.1?catalog_name=openssl-fips-provider\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.0.9.tar.gz\u0026checksum=sha256:eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90"}],"status":"affected","timestamp":"2026-05-14T10:21:22.049481Z","vulnerability":{"name":"CVE-2007-3108"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:33:02.242258Z","products":[{"@id":"pkg:generic/nghttp2@1.58.0?download_url=https%3A%2F%2Fgithub.com%2Fnghttp2%2Fnghttp2%2Freleases%2Fdownload%2Fv1.58.0%2Fnghttp2-1.58.0.tar.gz\u0026checksum=sha256:9ebdfbfbca164ef72bdf5fd2a94a4e6dfb54ec39d2ef249aeb750a91ae361dfb"},{"@id":"pkg:deb/ubuntu/libnghttp2-14@1.59.0-1ubuntu0.2?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=nghttp2"},{"@id":"pkg:deb/ubuntu/libnghttp2-14@1.59.0-1ubuntu0.2?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=nghttp2"}],"status":"affected","timestamp":"2026-05-14T10:21:22.049823Z","vulnerability":{"name":"CVE-2026-27135"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:24:45.249488Z","products":[{"@id":"pkg:deb/ubuntu/sed@4.9-2build1?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/sed@4.9-2build1?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.039178Z","vulnerability":{"name":"CVE-2026-5958"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"This vulnerability is a NULL pointer dereference in OpenSSL's CMS EnvelopedData processing (CMS_decrypt function), exploitable only by applications that process attacker-controlled S/MIME or CMS messages. The Datadog Agent uses the embedded OpenSSL library exclusively for TLS connections to Datadog endpoints and performs no CMS or S/MIME processing. The vulnerable code path is not reachable at runtime. A fix will be included in a future agent release.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:09:53.648491Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:21.994687Z","vulnerability":{"name":"CVE-2026-28389"}},{"action_statement":"This vulnerability was fixed in: 7.78.2","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:17:44.412605Z","products":[{"@id":"pkg:deb/ubuntu/liblcms2-2@2.14-2build1?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=lcms2"},{"@id":"pkg:deb/ubuntu/liblcms2-2@2.14-2build1?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=lcms2"}],"status":"affected","timestamp":"2026-05-14T10:21:22.0175Z","vulnerability":{"name":"CVE-2026-41254"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"he Datadog Agent does not use EVP_PKEY_encapsulate function. The embedded OpenSSL is used solely for standard TLS connections to Datadog ingestion endpoints. The vulnerable code path is not reachable at runtime. A fix is available in OpenSSL 3.5.6 and will be included in a future agent release.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:09:53.64854Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.002932Z","vulnerability":{"name":"CVE-2026-31790"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.64855Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.007412Z","vulnerability":{"name":"CVE-2026-3644"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648562Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.012948Z","vulnerability":{"name":"CVE-2026-4224"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648566Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.016405Z","vulnerability":{"name":"CVE-2026-27143"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648571Z","products":[{"@id":"pkg:generic/python@3.13.11"},{"@id":"pkg:generic/python@3.13.11?catalog_name=python3\u0026download_url=https%3A%2F%2Fpython.org%2Fftp%2Fpython%2F3.13.11%2FPython-3.13.11.tgz\u0026checksum=sha256:03cfedbe06ce21bc44ce09245e091a77f2fee9ec9be5c52069048a181300b202"}],"status":"affected","timestamp":"2026-05-14T10:21:22.017199Z","vulnerability":{"name":"CVE-2026-3446"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648577Z","products":[{"@id":"pkg:golang/stdlib@1.25.7"}],"status":"affected","timestamp":"2026-05-14T10:21:22.020804Z","vulnerability":{"name":"CVE-2026-32281"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648527Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:21.997901Z","vulnerability":{"name":"CVE-2026-28390"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:09:53.648535Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.001943Z","vulnerability":{"name":"CVE-2026-28387"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent does not set X509_V_FLAG_USE_DELTAS making the vulnerable code path unreachable at runtime. A fix is available in OpenSSL 3.5.6 and will be included in a future agent release.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T11:09:53.648544Z","products":[{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:generic/openssl@3.5.5"},{"@id":"pkg:generic/openssl@3.5.5?catalog_name=openssl3\u0026download_url=https%3A%2F%2Fwww.openssl.org%2Fsource%2Fopenssl-3.5.5.tar.gz\u0026checksum=sha256:b28c91532a8b65a1f983b4c28b7488174e4a01008e29ce8e69bd789f28bc2a89"},{"@id":"pkg:deb/ubuntu/libssl3t64@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=openssl"},{"@id":"pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=arm64\u0026distro=ubuntu-24.04"}],"status":"affected","timestamp":"2026-05-14T10:21:22.00296Z","vulnerability":{"name":"CVE-2026-28388"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799907Z","impact_statement":"The Datadog Agent does not load or run untrusted Java code and is not a sandboxed Java runtime for customer applications. Accordingly, under normal and supported usage, Datadog has identified no viable exploit path for these vulnerabilities","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:14:16.799907Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.799907Z","vulnerability":{"name":"CVE-2025-30754"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799453Z","impact_statement":"The product is not affected by CVE-2019-16294 as the vulnerable component SciLexer.dll is not present","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:14:16.799453Z","products":[{"@id":"pkg:generic/scintilla@4.4.6"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.799452Z","vulnerability":{"name":"CVE-2019-16294"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.802464Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.802463Z","products":[{"@id":"pkg:generic/sqlite3@3.50.4.0"},{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.802463Z","vulnerability":{"name":"CVE-2025-70873"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.802524Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.802524Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.802524Z","vulnerability":{"name":"CVE-2025-8714"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.80277Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.80277Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.80277Z","vulnerability":{"name":"CVE-2026-2006"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.802937Z","impact_statement":"Oracle advisory explicitly excludes server deployments; AWT/JavaFX not used; UI:R unsatisfiable","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:14:16.802937Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.802936Z","vulnerability":{"name":"CVE-2026-21932"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799488Z","impact_statement":"The agent uses Java for JMXFetch which runs only trusted, administrator-installed code to gather metrics from JMX-enabled applications making the exploitation scenario described in this CVE inapplicable to the agent's use case.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:14:16.799487Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.799487Z","vulnerability":{"name":"CVE-2025-30749"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.79958Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.79958Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-05-14T10:14:16.79958Z","vulnerability":{"name":"CVE-2025-6965"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799642Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799642Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799642Z","vulnerability":{"name":"CVE-2025-50106"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799692Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799692Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799692Z","vulnerability":{"name":"CVE-2025-3277"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799733Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799733Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799733Z","vulnerability":{"name":"CVE-2025-21587"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.803076Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.803076Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.803076Z","vulnerability":{"name":"CVE-2026-2005"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799779Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799779Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799778Z","vulnerability":{"name":"CVE-2025-50059"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799819Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799819Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799818Z","vulnerability":{"name":"CVE-2025-30698"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.799864Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799864Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799863Z","vulnerability":{"name":"CVE-2025-30761"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.79995Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.799949Z","products":[{"@id":"pkg:generic/sqlite@3.43.2"},{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"affected","timestamp":"2026-05-14T10:14:16.799949Z","vulnerability":{"name":"CVE-2025-29087"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.80315Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.80315Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.80315Z","vulnerability":{"name":"CVE-2025-12818"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.804285Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.804285Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.804285Z","vulnerability":{"name":"CVE-2026-21925"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.805171Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.805171Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.805171Z","vulnerability":{"name":"CVE-2025-12817"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.805842Z","impact_statement":"None of the Windows-specific triggering conditions involving plugin discovery apply to the Datadog Agent binary.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:14:16.805842Z","products":[{"@id":"pkg:golang/github.com/docker/cli@v29.0.3%2Bincompatible"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.805842Z","vulnerability":{"name":"CVE-2025-15558"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.80636Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.806359Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.806359Z","vulnerability":{"name":"CVE-2025-8713"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.807914Z","impact_statement":"The Datadog Agent uses libpq as a client only and does not host PostgreSQL server code.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.807913Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.807913Z","vulnerability":{"name":"CVE-2026-2003"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.808458Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.808458Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.808457Z","vulnerability":{"name":"CVE-2026-23865"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.809562Z","impact_statement":"The UI:R (user interaction required) prerequisite is structurally unsatisfiable in a containerized agent service, and the attack path described targets sandboxed client deployments","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:14:16.809562Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.809562Z","vulnerability":{"name":"CVE-2026-21933"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.800299Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.800299Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.800298Z","vulnerability":{"name":"CVE-2025-21502"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.800738Z","impact_statement":"The detected artifact (`libpq.dll`) is the PostgreSQL client connection library bundled with the psycopg3 binary wheel and does not contain the vulnerable dump/restore code","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.800738Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.800738Z","vulnerability":{"name":"CVE-2025-8715"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.800774Z","impact_statement":"This vulnerability detection is a false positive caused by overly broad CPE matching in vulnerability databases. The CVE does not apply to the Windows Datadog Agent.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.800774Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.800774Z","vulnerability":{"name":"CVE-2017-8806"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.801217Z","impact_statement":"Oracle's advisory explicitly exempts server-side Java deployments running trusted code and the Datadog Agent JMX fetcher is a server-side process running only the trusted jmxfetch.jar","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:14:16.801217Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.801216Z","vulnerability":{"name":"CVE-2026-21945"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.80127Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.80127Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.801269Z","vulnerability":{"name":"CVE-2025-53066"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.801307Z","impact_statement":"The Datadog Agent uses libpq exclusively as a client library for database connections; it does not host a PostgreSQL server or load server extensions","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:14:16.801307Z","products":[{"@id":"pkg:generic/postgresql@16.9"}],"status":"not_affected","timestamp":"2026-05-14T10:14:16.801306Z","vulnerability":{"name":"CVE-2026-2004"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.802412Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.802411Z","products":[{"@id":"pkg:generic/oracle/openjdk@11.0.25%2B9?repository_url=https%3A%2F%2Fgithub.com%2Fadoptium%2Fjdk11u.git"}],"status":"affected","timestamp":"2026-05-14T10:14:16.802411Z","vulnerability":{"name":"CVE-2025-53057"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:26:40.36389Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:26:40.36389Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.10"},{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.13"}],"status":"under_investigation","timestamp":"2026-05-14T10:26:40.36389Z","vulnerability":{"name":"CVE-2026-33116"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:26:40.36406Z","impact_statement":"The Datadog Agent has no MimeKit dependency and sends no SMTP mail","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:26:40.36406Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-05-14T10:26:40.36406Z","vulnerability":{"name":"CVE-2026-30227"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:26:40.364257Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:26:40.364257Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.10"},{"@id":"pkg:nuget/System.Security.Cryptography.Xml@9.0.13"}],"status":"under_investigation","timestamp":"2026-05-14T10:26:40.364256Z","vulnerability":{"name":"CVE-2026-26171"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent does not host any ASP.NET Core web application, making this vulnerability unexploitable under normal agent operation","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:34:10.789673Z","products":[{"@id":"pkg:nuget/Microsoft.AspNetCore.App.Runtime.win-x64@9.0.13"}],"status":"affected","timestamp":"2026-05-14T10:26:40.363763Z","vulnerability":{"name":"CVE-2026-26130"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:19:49.79218Z","products":[{"@id":"pkg:nuget/NuGet.Packaging@6.14.0.116"},{"@id":"pkg:nuget/NuGet.Protocol@6.14.0.116"}],"status":"affected","timestamp":"2026-05-14T10:26:40.383206Z","vulnerability":{"name":"GHSA-g4vj-cjjj-v7hg"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by CVE-2025-53816 as the vulnerable component is not present","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:34:10.789722Z","products":[{"@id":"pkg:generic/7-zip@24.09"}],"status":"affected","timestamp":"2026-05-14T10:26:40.364523Z","vulnerability":{"name":"CVE-2025-53816"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by CVE-2025-53817 due to the absence of the vulnerable component","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:34:10.789731Z","products":[{"@id":"pkg:generic/7-zip@24.09"}],"status":"affected","timestamp":"2026-05-14T10:26:40.364585Z","vulnerability":{"name":"CVE-2025-53817"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"Not exploitable through agent's normal operation","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:34:10.789736Z","products":[{"@id":"pkg:generic/7-zip@24.09"}],"status":"affected","timestamp":"2026-05-14T10:26:40.36462Z","vulnerability":{"name":"CVE-2025-11001"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"Not exploitable through agent's normal operation","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:34:10.789741Z","products":[{"@id":"pkg:generic/7-zip@24.09"}],"status":"affected","timestamp":"2026-05-14T10:26:40.365028Z","vulnerability":{"name":"CVE-2025-11002"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The Datadog Agent does not use .NET networking at runtime, making exploitation near-zero under normal agent operation.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:34:10.789755Z","products":[{"@id":"pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@9.0.13"}],"status":"affected","timestamp":"2026-05-14T10:26:40.366447Z","vulnerability":{"name":"CVE-2026-26127"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"The product is not affected by CVE-2025-55188 as the component related to symbolic link handling in 7-Zip is not present.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:34:10.789782Z","products":[{"@id":"pkg:generic/7-zip@24.09"}],"status":"affected","timestamp":"2026-05-14T10:26:40.372118Z","vulnerability":{"name":"CVE-2025-55188"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:26:40.367562Z","impact_statement":"This vulnerability cannot be exploited in the Datadog Agent container. MinGit is an unused component from the PowerShell base image with proper ACL protections. The container security model eliminates the attack surface required for exploitation.","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:26:40.367562Z","products":[{"@id":"pkg:generic/msys2@3.6.6-1cdd4371f24a23dbc385d950806502a872ef79f0"}],"status":"not_affected","timestamp":"2026-05-14T10:26:40.367561Z","vulnerability":{"name":"CVE-2022-37172"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:26:40.382989Z","impact_statement":"The agent does not perform S/MIME message processing or X.509 certificate imports via email libraries","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:26:40.382988Z","products":[{"@id":"pkg:nuget/MimeKit@4.3.0.0"}],"status":"not_affected","timestamp":"2026-05-14T10:26:40.382988Z","vulnerability":{"name":"GHSA-gmc6-fwg3-75m5"}},{"action_statement":"This vulnerability was fixed in: 7.78.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:19:49.792129Z","products":[{"@id":"pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@9.0.13"}],"status":"affected","timestamp":"2026-05-14T10:26:40.37579Z","vulnerability":{"name":"CVE-2026-32178"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.983324Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.983324Z","products":[{"@id":"pkg:golang/github.com/apache/thrift@v0.22.0"}],"status":"under_investigation","timestamp":"2026-05-14T10:14:16.983323Z","vulnerability":{"name":"CVE-2026-41602"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:14:16.984368Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:14:16.984368Z","products":[{"@id":"pkg:golang/github.com/antchfx/xpath@v1.3.5"}],"status":"affected","timestamp":"2026-05-14T10:14:16.984367Z","vulnerability":{"name":"CVE-2026-32287"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669708Z","impact_statement":"The product is not affected by CVE-2018-20506 as the vulnerable FTS3 component is not present.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:51.669708Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669708Z","vulnerability":{"name":"CVE-2018-20506"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669786Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669786Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669786Z","vulnerability":{"name":"CVE-2018-20505"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669861Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669861Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669861Z","vulnerability":{"name":"CVE-2020-11656"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669955Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669955Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669955Z","vulnerability":{"name":"CVE-2020-11655"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670018Z","impact_statement":"PowerShell's Newtonsoft.Json is unused. No exploitation path exists for CVE-2024-21907 in the agent's actual operation.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.670018Z","products":[{"@id":"pkg:nuget/Newtonsoft.Json@12.0.3"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670018Z","vulnerability":{"name":"CVE-2024-21907"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670042Z","impact_statement":"CVE-2021-41355 ONLY affects Linux and macOS systems, NOT Windows. The vulnerability was detected in PowerShell's dependencies on a Windows container image where it poses ZERO risk","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:51.670042Z","products":[{"@id":"pkg:nuget/System.DirectoryServices.Protocols@5.0.0"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670042Z","vulnerability":{"name":"CVE-2021-41355"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670086Z","impact_statement":"The agent does not perform S/MIME message processing or X.509 certificate imports via email libraries","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:51.670086Z","products":[{"@id":"pkg:nuget/System.Formats.Asn1@5.0.20.51904"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670086Z","vulnerability":{"name":"CVE-2024-38095"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670289Z","impact_statement":"This vulnerability poses ZERO risk to the Windows Datadog Agent because the CVE explicitly excludes Windows systems.","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:51.670289Z","products":[{"@id":"pkg:nuget/System.Drawing.Common@5.0.0"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670289Z","vulnerability":{"name":"CVE-2021-24112"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670378Z","impact_statement":"The agent's SQL Server monitoring capability uses completely different libraries (Python ADODB/ODBC) and is not affected by .NET SQL Client vulnerabilities. The vulnerable component is present but never invoked","justification":"vulnerable_code_not_present","last_updated":"2026-05-14T10:21:51.670378Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670377Z","vulnerability":{"name":"CVE-2024-0056"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670527Z","impact_statement":"While System.Security.Cryptography.Xml is present as a PowerShell dependency, the Datadog Agent has no code that could trigger this vulnerability","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.670526Z","products":[{"@id":"pkg:nuget/System.Security.Cryptography.Xml@5.0.0"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670526Z","vulnerability":{"name":"CVE-2022-34716"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670552Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.670552Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670551Z","vulnerability":{"name":"CVE-2019-16168"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669215Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669215Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669215Z","vulnerability":{"name":"CVE-2022-35737"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669286Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669285Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669285Z","vulnerability":{"name":"CVE-2019-8457"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669518Z","impact_statement":"The Agent doesn't use winsqlite3.dll as it bundles go-sqlite3 with SQLite.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669518Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669518Z","vulnerability":{"name":"CVE-2018-20346"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.669634Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.669634Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.669633Z","vulnerability":{"name":"CVE-2019-19646"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.670988Z","impact_statement":"The product is not affected by CVE-2019-19645 as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.670988Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.670988Z","vulnerability":{"name":"CVE-2019-19645"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.672266Z","impact_statement":"The agent's SQL Server monitoring capability uses completely different libraries (Python ADODB/ODBC) and is not affected by .NET SQL Client vulnerabilities. The vulnerable component is present but never invoked","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.672266Z","products":[{"@id":"pkg:nuget/System.Data.SqlClient@4.8.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.672266Z","vulnerability":{"name":"CVE-2022-41064"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.672387Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.672387Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.672387Z","vulnerability":{"name":"CVE-2023-7104"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.673455Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.673455Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.673455Z","vulnerability":{"name":"CVE-2020-13630"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.676654Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.676654Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.676654Z","vulnerability":{"name":"CVE-2020-13434"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.679943Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.679943Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.679942Z","vulnerability":{"name":"CVE-2020-13631"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.683099Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.683099Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.683099Z","vulnerability":{"name":"CVE-2020-15358"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.689077Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.689077Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.689077Z","vulnerability":{"name":"CVE-2020-13632"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:21:51.692521Z","impact_statement":"The product is not affected by this CVE as the vulnerable SQLite component is not in execution path.","justification":"vulnerable_code_not_in_execute_path","last_updated":"2026-05-14T10:21:51.692521Z","products":[{"@id":"pkg:generic/sqlite@3.23.2"}],"status":"not_affected","timestamp":"2026-05-14T10:21:51.692521Z","vulnerability":{"name":"CVE-2020-13435"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:30:54.168328Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:30:54.168327Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.1.0"}],"status":"under_investigation","timestamp":"2026-05-14T10:30:54.168327Z","vulnerability":{"name":"CVE-2026-33252"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:30:54.161727Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:30:54.161727Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.1.0"}],"status":"under_investigation","timestamp":"2026-05-14T10:30:54.161727Z","vulnerability":{"name":"CVE-2026-34742"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:30:54.162004Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:30:54.162004Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"under_investigation","timestamp":"2026-05-14T10:30:54.162004Z","vulnerability":{"name":"CVE-2026-40355"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:30:54.16222Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:30:54.16222Z","products":[{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libk5crypto3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5-3@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"},{"@id":"pkg:deb/ubuntu/libkrb5support0@1.20.1-6ubuntu2.6?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=krb5"}],"status":"under_investigation","timestamp":"2026-05-14T10:30:54.16222Z","vulnerability":{"name":"CVE-2026-40356"}},{"action_statement":"","action_statement_timestamp":"2026-05-14T10:30:54.169227Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:30:54.169227Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.1.0"}],"status":"under_investigation","timestamp":"2026-05-14T10:30:54.169227Z","vulnerability":{"name":"GHSA-q382-vc8q-7jhj"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:33:02.597214Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:30:54.169046Z","vulnerability":{"name":"CVE-2026-6276"}},{"action_statement":"This vulnerability was fixed in: 7.77.1","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:46:13.865936Z","products":[{"@id":"pkg:golang/github.com/modelcontextprotocol/go-sdk@v1.1.0"}],"status":"affected","timestamp":"2026-05-14T10:30:54.162974Z","vulnerability":{"name":"CVE-2026-27896"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T10:37:32.010505Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:30:54.161311Z","vulnerability":{"name":"CVE-2025-0167"}},{"action_statement":"This vulnerability was fixed in: 7.77.0","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"libssh-4 0.10.6-2ubuntu0.3 is present in the cluster-agent image as a transitive dependency of libcurl4 (installed via `curl` in the Dockerfile). CVE-2026-3731 is an out-of-bounds read in libssh's SFTP Extension Name Handler (`sftp_extensions_get_name`/`sftp_extensions_get_data`), triggered when an SFTP client processes crafted extension data from a malicious server. The Datadog Cluster Agent is a pure-Go binary with no libssh linkage and performs no SSH or SFTP operations. The `curl` binary that carries the libssh dependency is present but never invoked with SFTP URLs by the cluster-agent. A fix is available: `libssh-4 0.10.6-2ubuntu0.4` (Ubuntu 24.04, released 2026-03-17).","justification":"vulnerable_code_cannot_be_controlled_by_adversary","last_updated":"2026-05-14T10:37:32.010543Z","products":[{"@id":"pkg:deb/ubuntu/libssh-4@0.10.6-2ubuntu0.3?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=libssh"},{"@id":"pkg:deb/ubuntu/libssh-4@0.10.6-2ubuntu0.3?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=libssh"}],"status":"affected","timestamp":"2026-05-14T10:30:54.161804Z","vulnerability":{"name":"CVE-2026-3731"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:33:02.59717Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:30:54.166016Z","vulnerability":{"name":"CVE-2026-7168"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:33:02.597182Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:30:54.167071Z","vulnerability":{"name":"CVE-2026-6429"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:33:02.597186Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:30:54.167262Z","vulnerability":{"name":"CVE-2026-6253"}},{"action_statement":"This vulnerability was fixed in: 7.78.3","action_statement_timestamp":"0001-01-01T00:00:00Z","impact_statement":"","justification":"","last_updated":"2026-05-14T11:33:02.597206Z","products":[{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=amd64\u0026distro=ubuntu-24.04\u0026upstream=curl"},{"@id":"pkg:deb/ubuntu/curl@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04"},{"@id":"pkg:deb/ubuntu/libcurl4t64@8.5.0-2ubuntu10.7?arch=arm64\u0026distro=ubuntu-24.04\u0026upstream=curl"}],"status":"affected","timestamp":"2026-05-14T10:30:54.168679Z","vulnerability":{"name":"CVE-2026-4873"}}],"timestamp":"2026-03-09T15:54:54.103649393Z","tooling":"","version":20}